CHtmlPurifier in YII1

By August 23, 2017PHP, Programming, YII

CHtmlPurifier is wrapper of HTML Purifier.

CHtmlPurifier removes all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist. It will also make sure the resulting code is standard-compliant.

In your model

Add the below content in your model page.

public function rules() {
 return array(array('name, text','check_html'));
public function check_html($obj, $param) {
        $value = strip_tags($this->$obj);
        $p = new CHtmlPurifier();
        $output = $p->purify($value);
        $htmlentity = htmlspecialchars($output, ENT_QUOTES);
        $htmlentity_new = str_replace("amp;amp;", "amp;", $htmlentity);
        $this->$obj = $htmlentity_new;

For more details :

HTML Purifier YII1

Pankaj Singh Sugara

Author Pankaj Singh Sugara

Experienced Software Engineer with a demonstrated history of working in the marketing and advertising industry. Skilled in SQL, Web Applications, PHP, WordPress, and Joomla. Strong engineering professional with a B-TECH focused in Information Technology from JCDM College of Engineering Sirsa, Haryana.

More posts by Pankaj Singh Sugara