Introduction

This document describes a way to sanitize input to a collection. It uses HTMLPurifier (Make sure to keep it up-to-date for the best protection) to filter the input. The output of the code always has type="xhtml".

Details

Download the example file for the news collection (collection_news.php) from the subversion repository.

Download HTMLPurifier and save it in the templates directory.

All requests for the news collection pass through that file. Note that it's best to only load HTMLPurifier when it's really needed. It requires a lot of memory.