
I'm looking into this concept (new to me) of sanitizing HTML.
I've read all about what this module does, but I really don't understand what it's for, where to use it, and what it can contribute to my future projects.

If any of you want to read about it: here

P.S.: I just want a practical answer, nothing too long.

Thanks in advance.

Alvaro Silvino
  • The sanitize module ensures that when you have variables which contain HTML content, that content is "safe" and won't cause unexpected side effects. This could be anything from SQL injection to executing JavaScript functions, site redirections, link replacements, etc. – Claies Oct 13 '15 at 00:28
  • That was really objective. Can you make an answer with some real-case scenario, if you wish? – Alvaro Silvino Oct 13 '15 at 00:30
  • I can't really make it any clearer than the examples on the documentation page you posted in the question already do. – Claies Oct 13 '15 at 00:31

1 Answer


When your app accepts input that is to be compiled as HTML, you would use the $sanitize service to ensure that the accepted inputs are free from attempts to inject malicious code.

Kevin Friedheim
  • Like SQL injection? Does this sanitization avoid those scenarios? – Alvaro Silvino Oct 13 '15 at 00:16
  • While you can sanitize inputs on the front end to avoid SQL injection, the safest thing you can do would be to add parameterization on the backend. See [this](http://stackoverflow.com/questions/542510/how-do-i-create-a-parameterized-sql-query-why-should-i). – Kevin Friedheim Oct 13 '15 at 00:19
  • That was really helpful! Can you give some example in practice? – Alvaro Silvino Oct 13 '15 at 00:24
  • I assume you mean of SQL injection. In the [link](http://stackoverflow.com/questions/542510/how-do-i-create-a-parameterized-sql-query-why-should-i) I posted above, they gave the example `';DROP TABLE bar;--`. – Kevin Friedheim Oct 13 '15 at 00:26
  • I'd say that its use is highly situational. An example might be if I were to write an email app that allowed users to create a custom signature field: I might want to sanitize the inputted HTML to ensure that it wasn't malicious, in order to protect other users from a feature that my app exposes. – Kevin Friedheim Oct 13 '15 at 00:39
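The "custom email signature" scenario from the answer and its last comment, written out as an added AngularJS page (example code, not from the question, the answer, or the AngularJS project). The app name, controller name, the constructed signature string and the CDN paths/version are assumptions for the illustration; the only real APIs used are `ngSanitize`, `$sanitize` and `ng-bind-html`.

```html
<!DOCTYPE html>
<html ng-app="sigDemo">
<head>
  <!-- Assumed CDN paths; ngSanitize lives in the separate angular-sanitize script -->
  <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.4.7/angular.min.js"></script>
  <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.4.7/angular-sanitize.min.js"></script>
</head>
<body ng-controller="SignatureCtrl as vm">
  <!-- With ngSanitize loaded, ng-bind-html passes the value through $sanitize
       before inserting it, so other users see formatting but no scripts. -->
  <div class="signature" ng-bind-html="vm.signature"></div>

  <!-- Same value rendered as text, so you can see what $sanitize removed -->
  <pre>{{ vm.sanitized }}</pre>

  <script>
    // Constructed test input: what a user typed into the signature field.
    // Harmless formatting plus three typical injection attempts.
    var userSignature =
      '<b>Alvaro</b> - <a href="https://example.com">site</a>' +
      '<script>alert(1)<\/script>' +             // script element
      '<img src="x" onerror="alert(2)">' +       // inline event handler
      '<a href="javascript:alert(3)">click</a>'; // javascript: URL

    angular.module('sigDemo', ['ngSanitize'])
      .controller('SignatureCtrl', ['$sanitize', function ($sanitize) {
        // Bound through ng-bind-html: sanitized automatically at render time.
        this.signature = userSignature;

        // Calling the service directly shows the effect: $sanitize keeps the
        // <b>, the https link and the <img>, but drops the <script> element,
        // the onerror attribute and the javascript: href.
        this.sanitized = $sanitize(userSignature);

        // Note: $sce.trustAsHtml(userSignature) would bypass $sanitize entirely
        // and should never be applied to content another user supplied.
      }]);
  </script>
</body>
</html>
```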