When I save span with style to MySQL, style is deleted

I am using TinyMCE for my PHP/CodeIgniter CMS back-end input. However, when I use a text color, some of the code is not saved and it does not show the correct color.

How can I solve this problem?

Thanks in advance.

<span style="color: #ff00ff;">Some text</span>

becomes

<span  #ff00ff;">Some text</span>

in database


Some code is here.

In my controller.

function _fields()
{
    $data = array(
       ....
        'content'          => $_POST['content'],
        ....
    );
    return $data;
}


function create()
{
    // We need TinyMCE, so load it
    $this->bep_assets->load_asset_group('TINYMCE');
    ...
    if ($this->input->post('name'))
    {
        $data = $this->_fields();
        $this->MKaimonokago->addItem($this->module,$data);
...

And in my model.

function addItem($module,$data,$return_id=FALSE)
{
    $module_table = 'omc_'.$module;
    ...
    $this->db->insert($module_table, $data);
    ...
}

Answer

With CodeIgniter, if you have the XSS filter enabled globally (set in your config.php) you will find that HTML inline style text is removed from all form inputs.

To get around this you can disable global XSS filtering and filter your TinyMCE form inputs manually with something like HTML Purifier, which gives you a lot more control over the elements and attributes which you would like to allow.

For the rest of your form inputs you can still run them through CodeIgniter’s XSS filter – you’ll just have to do it manually, like so:

$this->form_validation->set_rules('form_item_name', 'Field Name', 'required|xss_clean|strip_tags|trim');
User contributions licensed under: CC BY-SA
7 People found this is helpful
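
The approach described in the answer, sketched as an added example that is not part of the original question or answer: the rich-text field is read unfiltered and passed through an HTML Purifier allow-list that keeps `span[style]` but only the colour properties. Assumptions: a CodeIgniter 2.x-style controller with `$config['global_xss_filtering'] = FALSE;`, a hypothetical controller name `Pages`, and an install path for HTML Purifier that you will need to adjust.

```php
<?php
// Added example; the controller name and library path are assumptions.
// Requires $config['global_xss_filtering'] = FALSE; in application/config/config.php.
require_once APPPATH . 'third_party/htmlpurifier/library/HTMLPurifier.auto.php';

class Pages extends CI_Controller // hypothetical controller name
{
    /** Build an allow-list purifier for TinyMCE output. */
    private function _purifier()
    {
        $config = HTMLPurifier_Config::createDefault();
        // Only these elements and attributes survive; everything else
        // (script, event handlers, unknown tags) is dropped.
        $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,a[href],span[style]');
        // Inside style="", permit only the properties the editor needs.
        $config->set('CSS.AllowedProperties', array('color', 'background-color'));
        // Links may only use these schemes, which excludes javascript: URLs.
        $config->set('URI.AllowedSchemes', array(
            'http'   => true,
            'https'  => true,
            'mailto' => true,
        ));
        return new HTMLPurifier($config);
    }

    private function _fields()
    {
        // Second argument FALSE: fetch the raw value without xss_clean,
        // so the style attribute reaches the purifier intact.
        $raw = $this->input->post('content', FALSE);

        return array(
            // Plain-text fields still go through CodeIgniter's filter.
            'name'    => $this->input->post('name', TRUE),
            // Rich text is sanitised by the allow-list before it is stored.
            'content' => $this->_purifier()->purify((string) $raw),
        );
    }
}
```

Purifying on input keeps the stored HTML safe to echo in views; if the allow-list changes later, re-purify existing rows rather than trusting what is already in the table.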