Purify your inputs in Yii
Yii does include this library as a widget that you can use inside your model’s validation rules.
Here goes the code I used (taken from the Yii documentation):
All HTML and scripts (if inside a `<script>` tag) will be removed.
If you use `> <` as the delimiters of your tags, the content will not be evaluated but just stored.
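As an added illustration (not the snippet from the original post or from the Yii documentation), here is how a purifier can be attached to model attributes through the `filter` validator. It assumes Yii 1.1, where the widget is `CHtmlPurifier`; `CommentForm` and its attributes are hypothetical names, and the example goes a step further than the text by giving one field a small tag whitelist.

```php
<?php
// Added example: assumes Yii 1.1, where CHtmlPurifier wraps HTML Purifier.
// CommentForm, $author and $body are hypothetical names.
class CommentForm extends CFormModel
{
    public $author;
    public $body;

    public function rules()
    {
        // Rich-text field: keep a small whitelist of tags and URL schemes.
        $rich = new CHtmlPurifier();
        $rich->options = array(
            'HTML.Allowed'       => 'p,br,b,i,a[href]',
            'URI.AllowedSchemes' => array('http' => true, 'https' => true),
        );

        // Plain-text field: allow no markup at all.
        $plain = new CHtmlPurifier();
        $plain->options = array('HTML.Allowed' => '');

        return array(
            array('author, body', 'required'),
            array('author', 'length', 'max' => 64),
            // 'filter' replaces the attribute with the callback's return value.
            array('author', 'filter', 'filter' => array($plain, 'purify')),
            array('body', 'filter', 'filter' => array($rich, 'purify')),
        );
    }
}

// Constructed input, as it might arrive from a POST request.
$form = new CommentForm();
$form->attributes = array(
    'author' => 'bob<script>alert(1)</script>',
    'body'   => '<p onclick="x()">hi <a href="javascript:x()">link</a></p>',
);

if ($form->validate()) {
    // $form->author and $form->body now hold the purified values:
    // only whitelisted tags, attributes and URL schemes remain.
    // Persist or display them from here.
}
```

Purifying at validation time cleans what gets stored; values rendered as plain text should still be passed through `CHtml::encode()` when they are output.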
Yep, that’s the beauty of using a kick-ass framework like Yii!
For the Java/JSP lovers, there seems to be an equivalent (which I haven’t evaluated):