Using htmlpurifier for input or output escaping/filtering

Posted by user214545 on Stack Overflow
Published on 2010-05-24T13:54:58Z Indexed on 2010/05/24 14:01 UTC

I am processing user input from the public with a JavaScript WYSIWYG editor and I'm planning on using htmlpurifier to cleanse the text.

I thought it would be enough to use htmlpurifier on the input, store the cleaned input in the database, and then output it without further escaping/filtering. But I've heard other opinions that you should always escape the output.

Can someone explain why I should need to cleanse the output if I'm already cleaning the input?

© Stack Overflow or respective owner