Best place to sanitize posted HTML

 
Greenhorn
Posts: 2
I am new to the structure of Jforum 2 and have found it easy to place TinyMCE editor in place of the default BB editor. I am now looking for the best place to trap the submission of posts so that I can sanitise it before it is saved to the database. I have found:

  • Post.java insert/insertSave/edit/editSave etc
  • PostCommon.java fillPostFromRequest(..) method


I am assuming that there is a central dispatcher that passes control over to these methods but I haven't really found it yet. Does anyone have time to throw me a bone please?
     
    author & internet detective
    Posts: 41919
    Gavin,
    Welcome to CodeRanch!

    PostCommon.fillPostFromRequest is a good place to do it. It is called by insertSave and editSave for posts AND insertSave for private messages. You want to sanitize both, of course.

    Also consider if you need to sanitize any user profile fields like the signature.
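
One way to do the sanitising at the single point named in the answer above, as an added example that is not part of the thread and not JForum code: an allowlist policy built with the OWASP Java HTML Sanitizer library (an assumed dependency). The class `PostHtmlSanitizer` and its two methods are hypothetical names; the call would go where `fillPostFromRequest` copies the submitted message into the post, and wherever the signature is saved.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

/**
 * Added example, not JForum code. Allowlist sanitizer for HTML produced by a
 * rich-text editor, meant to be called once at the point where the submitted
 * body is copied from the request into the post object.
 * Assumes the OWASP Java HTML Sanitizer library is on the classpath.
 */
public final class PostHtmlSanitizer {

    // Post and private-message bodies: basic formatting, lists, quotes, links.
    private static final PolicyFactory BODY = new HtmlPolicyBuilder()
            .allowElements("p", "br", "b", "i", "em", "strong", "u",
                           "ul", "ol", "li", "blockquote", "pre", "code", "a")
            .allowAttributes("href").onElements("a")
            .allowUrlProtocols("http", "https", "mailto") // other URL schemes are dropped
            .requireRelNofollowOnLinks()
            .toFactory();

    // Signatures are rendered under every post, so the allowlist is smaller.
    private static final PolicyFactory SIGNATURE = new HtmlPolicyBuilder()
            .allowElements("b", "i", "em", "strong", "br")
            .toFactory();

    private PostHtmlSanitizer() { }

    /** Use for post text and private-message text. */
    public static String sanitizeBody(String html) {
        return html == null ? "" : BODY.sanitize(html);
    }

    /** Use for the user-profile signature field. */
    public static String sanitizeSignature(String html) {
        return html == null ? "" : SIGNATURE.sanitize(html);
    }

    public static void main(String[] args) {
        // Constructed sample: markup a client could submit in place of editor output.
        String submitted = "<p onclick=\"x()\">Hello <b>world</b></p>"
                + "<script>alert(1)</script>"
                + "<a href=\"javascript:void(0)\">link</a>"
                + "<a href=\"https://example.com/\">ok</a>";
        System.out.println(sanitizeBody(submitted));
        System.out.println(sanitizeSignature("<i>Gavin</i><img src=x onerror=\"x()\">"));
    }
}
```

Any filtering TinyMCE does in the browser does not replace this step, because a request can be sent to the server without going through the editor.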
     
    Gavin Donald
    Greenhorn
    Posts: 2
    Thank you Jeanne, it looks like that has done the job nicely. Previously I had edited the GenericDAO classes but it was nowhere near as tidy.
     
    Greenhorn
    Posts: 3

    Gavin Donald wrote: I am new to the structure of Jforum 2 and have found it easy to place TinyMCE editor in place of the default BB editor. I am now looking for the best place to trap the submission of posts so that I can sanitise it before it is saved to the database. I have found:

  • Post.java insert/insertSave/edit/editSave etc
  • PostCommon.java fillPostFromRequest(..) method

    I am assuming that there is a central dispatcher that passes control over to these methods but I haven't really found it yet. Does anyone have time to throw me a bone please?



    Hi Gavin,
    It would be great if you could share how you integrated TinyMCE with Jforum.

     