I created a blog with Symfony and I just included the CKEditor bundle, so whenever I try to write an article I can format it with the bundle and store the article in my database. But when it's stored in my database and I try to read it, it doesn't format normally.

Can somebody help me with this?

This is the rendering of the article from my database with Twig:
The problem is that |raw will also unescape malicious tags such as <script>, so you definitely can't use |raw if any user can write texts in your rich-text editor.

With your debug console, just make the hidden textarea appear, and fill it with arbitrary code. Disable JavaScript to remove CKEditor auto-escaping, and see what's going on.

A better solution is to use HTMLPurifierBundle: it will not escape the safe tags such as <b>, <em> ... but will remove untrusted ones such as <script>, <iframe> etc.

This bundle provides a |purify tag, that's the tag to remember.
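The answer above contrasts Twig's |raw with HTMLPurifierBundle's |purify. The following stand-alone script is an added example (not code from the question, the answer, or the bundle itself) that renders the same stored article body through both filters so the difference is visible. It assumes the composer packages twig/twig and ezyang/htmlpurifier are installed, and it registers its own purify filter backed by HTMLPurifier as a stand-in for the one the bundle provides in Symfony; the tag whitelist and the sample article content are constructed for the demonstration.

```php
<?php
// Added example: safe vs. unsafe rendering of editor HTML stored in the database.
// Assumes: composer require twig/twig ezyang/htmlpurifier
require __DIR__ . '/vendor/autoload.php';

// Whitelist of tags the rich-text editor is allowed to keep; anything not
// listed here (script, iframe, event-handler attributes, ...) is stripped.
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Allowed', 'p,b,strong,i,em,ul,ol,li,a[href],br');
$config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
$purifier = new HTMLPurifier($config);

$loader = new \Twig\Loader\ArrayLoader([
    // What the question's template does: trust the database content blindly.
    'unsafe.html.twig' => '<article>{{ article.content|raw }}</article>',
    // What the answer recommends: sanitise on output with a purify filter.
    'safe.html.twig'   => '<article>{{ article.content|purify }}</article>',
]);
$twig = new \Twig\Environment($loader, ['autoescape' => 'html']);

// Stand-in for the bundle's "purify" filter (hypothetical local registration,
// same behaviour): HTMLPurifier returns clean HTML, so mark it safe for the
// "html" context or Twig's autoescaper would re-escape the allowed tags.
$twig->addFilter(new \Twig\TwigFilter(
    'purify',
    fn (string $html): string => $purifier->purify($html),
    ['is_safe' => ['html']]
));

// Constructed sample of what an author could save through the editor, with
// the editor's own escaping bypassed as the answer describes.
$article = [
    'content' => '<p>Hello <b>world</b></p>'
               . '<script>/* untrusted */</script>'
               . '<iframe src="https://example.com/"></iframe>',
];

// |raw emits the script and iframe tags to the browser unchanged.
echo $twig->render('unsafe.html.twig', ['article' => $article]), PHP_EOL;

// |purify keeps <p> and <b> and drops the script and iframe entirely.
echo $twig->render('safe.html.twig', ['article' => $article]), PHP_EOL;
```

The second render keeps the formatting the editor produced while the script and iframe elements never reach the page, which is the behaviour the answer attributes to HTMLPurifierBundle. Sanitising at render time (rather than only at save time) also protects content that was already stored before the filter was introduced.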