System:Html

From Aspen Documentation

Aspen uses the HTMLPurification class for securing and tidying HTML. Aspen currently uses it only for incoming data from forms (when enabled), but you can use it for anything.

For full documentation of the original class, take a look at these documents:

The html class is loaded into the html variable within the framework. To use it, simply call a function using the following syntax:

print $this->APP->html->purify( '<b>hello <i>mike</b></i>' );

The call above returns a valid version of the string. For additional configuration, you may pass any directives in your configuration files using the following syntax:

$config['html_purifier_settings'][] = array('HTML', 'AllowedElements', 'span,ol,ul,li,br,p,strong,em');
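
The effect of the AllowedElements directive above, as an added example (not Aspen's own code): it builds one purifier with default settings and one with the allowlist, then runs both over constructed inputs. It assumes the HTML Purifier library is installed with HTMLPurifier.auto.php on the include_path; build_purifier() is a hypothetical helper, and how Aspen applies the settings array internally is an assumption.

```php
<?php
// Added example, not Aspen code. Assumes HTML Purifier's autoloader
// (HTMLPurifier.auto.php) is on the include_path.
require_once 'HTMLPurifier.auto.php';

/**
 * Build a purifier from (namespace, directive, value) triples, the same
 * shape as $config['html_purifier_settings']. Hypothetical helper.
 */
function build_purifier(array $settings)
{
    $cfg = HTMLPurifier_Config::createDefault();
    // Skip the on-disk definition cache so the script runs anywhere.
    $cfg->set('Cache.DefinitionImpl', null);
    foreach ($settings as $triple) {
        list($namespace, $directive, $value) = $triple;
        $cfg->set($namespace . '.' . $directive, $value);
    }
    return new HTMLPurifier($cfg);
}

$default = build_purifier(array());
$restricted = build_purifier(array(
    array('HTML', 'AllowedElements', 'span,ol,ul,li,br,p,strong,em'),
));

// Constructed sample inputs.
$samples = array(
    'mis-nested tags'  => '<b>hello <i>mike</b></i>',
    'script element'   => '<p>hi</p><script>alert(1)</script>',
    'event handler'    => '<p onclick="alert(1)">click <strong>me</strong></p>',
    'disallowed table' => '<table><tr><td>cell</td></tr></table><em>note</em>',
);

foreach ($samples as $label => $dirty) {
    echo $label, "\n";
    echo '  input:      ', $dirty, "\n";
    echo '  default:    ', $default->purify($dirty), "\n";
    echo '  restricted: ', $restricted->purify($dirty), "\n";
}
```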

Notes Regarding Forms

When forms are processed through the Form class, all data is run through the various security parameters and, by default, all HTML is stripped out.

To allow HTML, you must set database query security rules for each field. You would do so using syntax like the following, just before any form->save() or Model class code.

$this->APP->model->setSecurityRule('fieldname', 'allow_html', true);