Search

New Podcast

DrupalEasy Podcast 73: Lots of Options
Posted Tuesday, January 31 at 3:28 pm
  Thomas Turnbull (tom_o_t on drupal.org) and Alan Palazzolo (zzolo on drupal.org) join Mike Anello to talk about their new book from O’Reilly Media, Mapping with Drupal. Mike’s usual co-hosts, Andrew and Ryan, were both unable to participate in the podcast, leaving Thomas and Alan subject to Mike’s long-winded (but extremely interesting by some accounts) questions.
Download Podcast 73
DrupalEasy_ep73_20120131.mp3
read more
Syndicate content

NEWSLETTER

Stay informed on our latest news!

Previous issues
Syndicate content

Testimonial

Rene Esteves
Mike & Ryan's session on March 11th was a great intro to what DrupalEasy training is capable of teaching. From solid fundamentals and practices, to a complex, automated feed aggregator, everything was laid out in plain detail, so any skill level, from Beginner, to Ninja could have picked it up quickly. I am anxiously waiting the next session, and encourage anyone who wants to sharpen their Drupal knowledge to drop by a session, and get their learn on
read more

Who are we?

DrupalEasy is the collective expertise of Ryan Price and Michael Anello, who joined forces to provide training and consulting services worldwide. Read all about them and what they can do.

What is Drupal?

Drupal is a free, super-powerful content management system for sites that require information posting and collection, including blogs, forums, videos, photos, and databases of information. We think it is the best platform available. Here's why...

Why Drupal?

More and more savvy organizations are going with Drupal for content management, and its no mystery why. It’s free, flexible, and easy to maintain for small or large volume sites. Learn more...

Why filter_xss() is a Friend to Module Developers

Submitted by ultimike on Thu, 05/14/2009 - 20:38

When writing custom modules, few functions are as useful as filter_xss(). In a nutshell, this function protects your web site from both malicious HTML and unwanted tags.

The function takes some text and, in effect, "cleans" it based on some very simple rules. First and foremost, it makes sure any HTML elements, tags, and attributes are well-formed. It also removes any non-standard characters and constructs that can trick browsers. Finally, it can remove any HTML tags depending on an argument passed to the function.

The function can be used when printing out text to the user or when importing text from a not-completely-trustworthy source. In the past, I've also used it to simply remove HTML tags that I didn't want showing up anymore. If you do any Drupal development, familiarity with this function is a must.

Trackback URL for this post:

http://drupaleasy.com/trackback/121
No votes yet

More Quicktips


Syndicate content