SANITIZING: Use miva_html_strip(...) for Easy User Input Safety

Miva Knowledge Base
Want to start an online store? We work with you from start to finish, from commerce platform to design to SEO.
Experience counts, and we have a lot.
Important Notice: This information is for internal reference only. Use at your own risk.

SANITIZING: Use miva_html_strip(...) for Easy User Input Safety

Scot Ranney • December 10, 2024

Super easy to sanitize a textarea input or any other input.

This method includes a way to sanitize and then add <br> for line breaks.

###############
Mivascript: 
###############

<MvASSIGN NAME = "l.sanitized" VALUE = "{ miva_html_strip( l.unsanitized, l.null ) }" />
<MvASSIGN NAME = "l.sanitized" VALUE = "{ glosub( l.sanitized, asciichar(10), '
' ) }" />

<p>
	<MvEVAL EXPR = "{ l.sanitized }">
</p>

###############
Storemorph/SMT:
###############

<mvt:aasign name="l.settings:sanitized" value="miva_html_strip(g.unsanitized,l.null)" />
<mvt:assign name="l.settings:sanitized" value="glosub(l.sanitized,asciichar(10),'
')" />

<p>
	&mvt:sanitized;
</p>

At this point you don't need to use encodeentities(...) or &mvte:something; because there is nothing left to encode. JS, HTML, inline script/js, nothing is left over from miva_html_strip(...)

https://www.scotsscripts.com/mvblog/sanitizing-using-miva-html-strip-for-effective-user-input-safety.html

mvkb_security mvkb_mivascript mvkb_smt