Feature request: more intelligent security filtering
Reported by dleffler | December 29th, 2014 @ 03:42 PM
We should make our 'scrubbing' more intelligent by only scrubbing 'untrusted' input. This would apply to non-admin users (could make this optional?) and then for both input/output only coming from the forms module, comments, the URL. Perhaps using HTMLPurifier library http://htmlpurifier.org/?
Comments and changes to this ticket
expNinja December 30th, 2014 @ 08:38 PM
(from [7d739aba47cc5b27bd9577858b81e43882ba2fb1]) adds comments to expCommentController & expSimpleNoteController for scrubbing input/output [#1255] https://github.com/exponentcms/exponent-cms/commit/7d739aba47cc5b27...
Bug Tracker for Exponent CMS