Example of Sanitizing String with Autoform, SimpleSchema & Insert Method?


#1

I’ve installed mpowaga:autoform-summernote and djedi:sanitize-html to try and clean the data going into SimpleSchema; however, I’m not sure how I get it to work.

I’m mostly trying to avoid malicious JavaScript inserts as mentioned in this post:

I’m using autoform with a method for inserting. Should the sanitize call be happening in that method? If so, how? Or can I set the allowed values in SimpleSchema like this person is trying to do?

There is some hint in a mpowaga:autoform-summernote GitHub issue:

But it’s not really that helpful for a newbie.

I did make another issue to see if an example can be provided. But thought I’d also try the forums. Thanks for any feedback/help.


#2

You can use something like this in the schema:

    // Inside the field definition: clean the value whenever one is supplied.
    autoValue() {
      if (this.isSet) {
        return sanitizeHtml(this.value);
      }
    },
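
For the other option raised in the question, sanitizing inside the insert method itself, here is an added example that is not part of the thread or of any package mentioned in it. `makeInsertPost`, the `posts` array, the field names and `MAX_BODY` are hypothetical, and `escapeAll` is a strict stand-in sanitizer so the code runs without Meteor or sanitize-html installed.

```javascript
// Stand-in sanitizer (assumption): encodes every HTML metacharacter.
// In the app you would inject the sanitizeHtml function from the reply above.
const escapeAll = (s) => s.replace(/[&<>"']/g, (c) => ({
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
}[c]));

const MAX_BODY = 20000; // assumed size limit, not from the thread

// Returns the function you would register as the server-side insert method.
// `store` stands in for the collection; anything with push() works here.
function makeInsertPost(sanitize, store) {
  return function insertPost(doc) {
    // The form can be bypassed, so check the shape of what arrived.
    if (!doc || typeof doc.title !== 'string' || typeof doc.body !== 'string') {
      throw new Error('invalid-document');
    }
    if (doc.body.length > MAX_BODY) throw new Error('body-too-long');
    // Copy only the known fields (extra client-supplied keys are dropped)
    // and clean the editor HTML before it is stored.
    const clean = {
      title: doc.title.trim(),      // plain-text field, stored as-is
      body: sanitize(doc.body),     // rich-text field from the editor
      createdAt: new Date(),        // set on the server, not by the client
    };
    store.push(clean);
    return clean;
  };
}

// Constructed sample input, shaped like a call that skips the form.
function demo() {
  const posts = [];
  const insertPost = makeInsertPost(escapeAll, posts);
  insertPost({
    title: ' Hello ',
    body: '<p>hi</p><script>alert(1)</script>',
    isAdmin: true, // unexpected key, must not reach the store
  });
  return posts[0];
}
```

Passing `sanitizeHtml` instead of `escapeAll` keeps the tags that sanitizer allows rather than encoding all markup.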