php zend-framework html-entities zend-filter

How to show real tags from a htmlspecialchars_decode?


I'm creating a CMS in PHP using Zend Framework, where I chose to save HTML templates in some parts to ease redesigning of the views and all. Now, to save those templates (views, sidebars), I had to use Zend_Filter_Input with Zend_Filter_HtmlEntities(array('quotestyle' => ENT_QUOTES)).

One of the reasons is security; the second is that I use freeRTE to output the template for editing, and freeRTE is very sensitive to quotes, so I had to do something.

Now I'm hustling because when I try to output the template back or, worse, show it in its layout to the public, it shows raw HTML with tags. html_entity_decode and htmlspecialchars_decode could not do a thing. For example, instead of showing the image, it shows the following on the page:

<div id="welcome"> <div id="welcome_img"><img src="/images/welcome.jpg" alt="welcome" /></div></div>

Any clue? If anyone has experienced this, please do share the knowledge on that. Thanks for reading.


Solution

  • You can't use htmlentities as a filter when you save HTML. It will replace <, > and & plus all the replaceable chars.

    Edit: Remove the HTMLEntities filter from saving, because saving HTML as-is would be the whole point of a template editor.

    If you want to add some security-related features, remove tags from the HTML and every other HTML tag that you find harmful! (embed?)
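
One way to apply the answer's advice, as an added example that is not part of the original answer: store the template unencoded after stripping unwanted elements, and entity-encode exactly once, only where the markup is placed into the edit form. The function name `sanitizeTemplate`, the blocked-tag list and the sample input are assumptions; it targets PHP 7+ with the DOM extension and goes slightly beyond the answer by also dropping inline event-handler attributes.

```php
<?php
// Added example: function name and tag list are assumptions, not from the page.
function sanitizeTemplate(string $html, array $blocked = ['script', 'embed', 'object', 'iframe']): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // template fragments are rarely valid documents
    // Wrap the fragment in a known body; the meta tag makes libxml read it as UTF-8.
    $doc->loadHTML('<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '</head><body>' . $html . '</body></html>');
    libxml_clear_errors();

    // Drop blocked elements together with their content.
    foreach ($blocked as $tag) {
        // Copy the live node list first, since removal changes it during iteration.
        foreach (iterator_to_array($doc->getElementsByTagName($tag)) as $node) {
            $node->parentNode->removeChild($node);
        }
    }

    // Drop inline event handlers and javascript: URLs on the elements that remain.
    foreach ($doc->getElementsByTagName('*') as $el) {
        foreach (iterator_to_array($el->attributes) as $attr) {
            $value = preg_replace('/[\x00-\x20]+/', '', $attr->nodeValue);
            if (stripos($attr->nodeName, 'on') === 0 || stripos($value, 'javascript:') === 0) {
                $el->removeAttributeNode($attr);
            }
        }
    }

    // Serialise only the children of the wrapper body, not the wrapper itself.
    $out = '';
    foreach ($doc->getElementsByTagName('body')->item(0)->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input: the template from the question plus elements to strip.
$submitted = '<div id="welcome"><div id="welcome_img"><img src="/images/welcome.jpg" '
    . 'alt="welcome" onerror="x()" /></div></div><script>/* constructed */</script><embed src="/a.swf">';
$stored = sanitizeTemplate($submitted); // save this value as-is, with no entity encoding

// Public layout: print the stored markup directly so the browser renders the tags.
echo $stored, "\n";
// Edit form: encode once at output time, so quotes and tags arrive in the editor as text.
echo '<textarea name="template">', htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "</textarea>\n";
```

A deny-list like this misses markup it does not name, so for templates edited by less-trusted users an allow-list sanitizer such as HTML Purifier is the stricter choice.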