Best place to sanitize posted HTML

Gavin Donald
Greenhorn

Joined: Aug 03, 2013
Posts: 2
I am new to the structure of JForum 2 and have found it easy to place TinyMCE editor in place of the default BB editor. I am now looking for the best place to trap the submission of posts so that I can sanitise it before it is saved to the database. I have found:

  • Post.java insert/insertSave/edit/editSave etc
  • PostCommon.java fillPostFromRequest(..) method

I am assuming that there is a central dispatcher that passes control over to these methods but I haven't really found it yet. Does anyone have time to throw me a bone please?
    Jeanne Boyarsky
    author & internet detective
    Marshal

    Joined: May 26, 2003
    Posts: 30789
        
    157

    Gavin,
    Welcome to CodeRanch!

    PostCommon.fillPostFromRequest is a good place to do it. It is called by insertSave and editSave for posts AND insertSave for private messages. You want to sanitize both of course.

    Also consider if you need to sanitize any user profile fields like the signature.


    Gavin Donald
    Greenhorn

    Joined: Aug 03, 2013
    Posts: 2
    Thank you Jeanne, it looks like that has done the job nicely. Previously I had edited the GenericDAO classes but it was nowhere near as tidy.
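
An added example, not code from this thread or from JForum: one way to do the sanitizing at the hook point recommended above, using the OWASP Java HTML Sanitizer library (assumed to be on the classpath). The class name `PostHtmlSanitizer`, the element allowlists and the call site shown in the comment are assumptions.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

/** Allowlist sanitizer for HTML submitted by a rich-text editor (hypothetical class). */
public final class PostHtmlSanitizer {

    // Post and private-message bodies: only the markup a basic editor toolbar needs.
    // Anything not listed (script, style, iframe, event-handler attributes,
    // non-http(s) URLs) is dropped by the policy.
    private static final PolicyFactory BODY_POLICY = new HtmlPolicyBuilder()
            .allowElements("p", "br", "b", "strong", "i", "em", "u", "ul", "ol", "li",
                           "blockquote", "pre", "code", "a", "img")
            .allowUrlProtocols("http", "https")
            .allowAttributes("href").onElements("a")
            .allowAttributes("src", "alt").onElements("img")
            .requireRelNofollowOnLinks()
            .toFactory();

    // Profile signatures: stricter, inline formatting and links only.
    private static final PolicyFactory SIGNATURE_POLICY = new HtmlPolicyBuilder()
            .allowElements("b", "strong", "i", "em", "a")
            .allowUrlProtocols("http", "https")
            .allowAttributes("href").onElements("a")
            .requireRelNofollowOnLinks()
            .toFactory();

    private PostHtmlSanitizer() {}

    // Assumed call site: at the end of PostCommon.fillPostFromRequest(..), e.g.
    //   post.setText(PostHtmlSanitizer.sanitizeBody(post.getText()));
    // (getText/setText on the Post entity are assumed here, not taken from the thread.)
    public static String sanitizeBody(String untrustedHtml) {
        return untrustedHtml == null ? null : BODY_POLICY.sanitize(untrustedHtml);
    }

    public static String sanitizeSignature(String untrustedHtml) {
        return untrustedHtml == null ? null : SIGNATURE_POLICY.sanitize(untrustedHtml);
    }

    public static void main(String[] args) {
        // Constructed sample input: editor output with markup outside the allowlist.
        String posted = "<p onclick=\"x()\">Hello <b>world</b></p>"
                + "<script>alert(1)</script>"
                + "<img src=\"https://example.com/a.png\" onerror=\"x()\">";
        System.out.println(sanitizeBody(posted));
        System.out.println(sanitizeSignature("<i>Gavin</i> <img src=\"https://example.com/s.png\">"));
    }
}
```

Sanitizing on the server at this point matters because the editor in the browser is not a trust boundary: a request can carry any HTML regardless of what TinyMCE would produce.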
    raja gaj
    Greenhorn

    Joined: Apr 07, 2014
    Posts: 3
    Gavin Donald wrote: I am new to the structure of JForum 2 and have found it easy to place TinyMCE editor in place of the default BB editor. I am now looking for the best place to trap the submission of posts so that I can sanitise it before it is saved to the database. I have found:

  • Post.java insert/insertSave/edit/editSave etc
  • PostCommon.java fillPostFromRequest(..) method

    I am assuming that there is a central dispatcher that passes control over to these methods but I haven't really found it yet. Does anyone have time to throw me a bone please?


    Hi Gavin,
    It would be great if you could share how you integrated TinyMCE with JForum.