Html Tags White list #106

Closed
MadeNade opened this issue Oct 15, 2015 · 6 comments

@MadeNade

I'm working with the advanced method:

```php
$gump = new GUMP();

$_POST = $gump->sanitize($_POST); // You don't have to sanitize, but it's safest to do so.

$gump->validation_rules(array(
    'title'      => 'required',
    'story'      => 'required'
));

$gump->filter_rules(array(
    'title'    => 'trim|sanitize_string',
    'story'    => 'trim|sanitize_string',
));

$validated_data = $gump->run($_POST);

if($validated_data === false) {
    echo $gump->get_readable_errors(true);
} else {
    print_r($validated_data); // validation successful
}
```

In practice this works well and sanitizes all input data. For the story field I need to allow HTML tags like `<p>`, `<img>`, `<table>`, but this class sanitizes all of $_POST and removes all HTML tags.

How can I add a whitelist for HTML tags?

@kristopolous

I just ran into this ... by default, sanitization should probably just remove the script tag. I've been fixing these in my own fork as the original author hasn't been able to get to these issues. I'll reply soon with a patch

@kristopolous

The core problem is that the author is using filter_var to do this http://php.net/manual/en/function.filter-var.php instead of http://php.net/manual/en/function.strip-tags.php ...

@kristopolous

there's a $basic_tags which is a decent white-list but this can't be static for your purposes ... so I'll make an $instance_tags that can be changed.

@kristopolous

ok see #139 for this in isolation ... you can also use my branch at https://github.com/kristopolous/GUMP/tree/106-html-tags-white-list or you can use my master branch which is all of my bugfixes merged ... they should be pretty safe fixes but YMMV

@filisko
Collaborator

filisko commented May 28, 2016

Hmm.. I see. Well, I think that something we had already pending is to create a filter and adapt it to use some third-party HTML filtering library.

@filisko
Collaborator

filisko commented Feb 22, 2020

This is already added in Docs as TODO.

@filisko filisko closed this as completed Feb 22, 2020
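
The tag allowlist discussed in this thread, as an added example that is not GUMP's code or the patch in #139: `strip_tags()` with an allowlist keeps every attribute on the tags it lets through, so a second pass filters attributes against their own allowlist. `ALLOWED_TAGS`, `ALLOWED_ATTRS` and `sanitize_story()` are hypothetical names, and the input string is constructed.

```php
<?php
// Added example. ALLOWED_TAGS, ALLOWED_ATTRS and sanitize_story() are hypothetical names.
const ALLOWED_TAGS  = ['p', 'img', 'table', 'tr', 'td'];
const ALLOWED_ATTRS = ['img' => ['src', 'alt']]; // per-tag attribute allowlist

function sanitize_story(string $html): string
{
    // Step 1: tag allowlist. strip_tags() drops other tags but keeps their text.
    $html = strip_tags($html, '<' . implode('><', ALLOWED_TAGS) . '>');

    // Step 2: strip_tags() never touches attributes, so parse and filter them.
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // silence warnings on sloppy markup
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    // Any <div> in the input was removed in step 1, so this is the wrapper.
    $root = $doc->getElementsByTagName('div')->item(0);
    foreach (iterator_to_array($root->getElementsByTagName('*')) as $el) {
        $allowed = ALLOWED_ATTRS[$el->nodeName] ?? [];
        foreach (iterator_to_array($el->attributes) as $attr) {
            $ok = in_array($attr->nodeName, $allowed, true);
            // URL-bearing attributes: accept only absolute http(s) URLs.
            if ($ok && $attr->nodeName === 'src') {
                $ok = preg_match('#^https?://#i', $attr->nodeValue) === 1;
            }
            if (!$ok) {
                $el->removeAttribute($attr->nodeName);
            }
        }
    }

    // Serialize only the children of the wrapper <div>.
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed input: allowed tags carrying attributes that strip_tags() alone keeps.
$input = '<p onclick="x()">Hi</p><script>x()</script>'
       . '<img src="https://example.com/a.png" onerror="x()" alt="a">';

echo strip_tags($input, '<p><img>'), "\n"; // event-handler attributes survive this call
echo sanitize_story($input), "\n";         // attributes outside the allowlist are removed
```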