How to save data not escaped, nor encoded?


#1

I have form input that should allow to edit html. Using rows attribute above 1 for input. (Actually there are html editor connected to that field). Form loads fine for first time, with html tags. But when I save it with standard php form connector - all html tags are stripped.

How to disable that for one particular field in form? Not encoded, nor escaped, saved by placeholder(to not broke sql) to db? I have find on forum how to save raw html for full form, not one input, and it changes html, thats worst.

I can write own save connector what will receive form by POST request made by JQuery ajax, but don’t want to, cause there will be a number of such forms. There are no security risk, as form accessible by admin only and password protected.

I’m very new to dhtmlx.


#2

I found a way for full form, could anybody help to do same for one particular field of form?

<?php 
require_once('../dx/connector/form_connector.php');
ConnectorSecurity::$xss = DHX_SECURITY_TRUSTED;

Above will be protected by .htaccess or php basic auth.


#3

Unfortunately it is not available to define different xss filtering level for the different elements. ConnectorSecurity can be define once for the whole connector.