2

I am looking to secure some WYSIWYG input in a Symfony2 application. I have been looking at some flat PHP plugins like htmlpurifier, but just tweaking the standard Twig functionality, like variable|raw_secure with some parameters of my own, would suffice, if there is a way to create a filter that inherits from the |raw but lets me specify a few tags that are allowed...

Anyone done that?

I need to protect myself from XSS, JavaScript, etc.

Matt Welander

1 Answer

1

“if there is a way to create a filter that inherits from the |raw but lets me specify a few tags that are allowed...”

Twig's `raw` filter does nothing with the parameter passed to it.

You can use Twig's `escape` filter with a specific strategy. If that solution doesn't fit – you can create your own Twig filter.

Community
jkucharovic
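One way to build the custom filter suggested in the answer, as an added example that is not code from the question or the answer: a Twig extension that runs the value through HTML Purifier (the library named in the question) with a tag allowlist. The class name `RawSecureExtension`, the default allowlist and the template variable `post.body` are assumptions; the filter name `raw_secure` is the one the question proposes.

```php
<?php
// Added example. Assumes HTML Purifier and Twig are installed (e.g. via Composer).
use Twig\Extension\AbstractExtension; // Twig_Extension on older Twig 1.x releases
use Twig\TwigFilter;                  // Twig_SimpleFilter on older Twig 1.x releases

class RawSecureExtension extends AbstractExtension // hypothetical class name
{
    // Conservative default allowlist (assumed), in HTML Purifier's HTML.Allowed syntax.
    const DEFAULT_ALLOWED = 'p,br,strong,em,ul,ol,li,a[href]';

    /** @var \HTMLPurifier[] one configured purifier per allowlist string */
    private $purifiers = array();

    public function getFilters()
    {
        return array(
            // is_safe => html: the output is already sanitized markup, so Twig's
            // autoescaper must not escape it again (this replaces the need for |raw).
            new TwigFilter('raw_secure', array($this, 'purify'), array('is_safe' => array('html'))),
        );
    }

    // Template usage: {{ post.body|raw_secure }} or {{ post.body|raw_secure('p,b,i,a[href]') }}
    // The allowlist argument must be a literal in the template, never user input.
    public function purify($html, $allowed = self::DEFAULT_ALLOWED)
    {
        if (!isset($this->purifiers[$allowed])) {
            $config = \HTMLPurifier_Config::createDefault();
            // Only these elements/attributes survive; script, style, on* handlers are dropped.
            $config->set('HTML.Allowed', $allowed);
            // Restrict link targets to ordinary schemes (no javascript:, data:, etc.).
            $config->set('URI.AllowedSchemes', array('http' => true, 'https' => true, 'mailto' => true));
            $this->purifiers[$allowed] = new \HTMLPurifier($config);
        }

        return $this->purifiers[$allowed]->purify((string) $html);
    }

    // Required by older Twig 1.x releases; ignored by newer ones.
    public function getName()
    {
        return 'raw_secure';
    }
}
```

In Symfony the extension is registered as a service tagged `twig.extension`. A filter built on `strip_tags()` with an allowed-tags list would not be equivalent, because `strip_tags()` leaves attributes such as `onclick` on the tags it keeps.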