Question

In user-submitted posts there are things like

<a onclick="sth()" href ="legitlink.html">some content</a>

I would like to preserve the link so that the link can still be displayed, but the JavaScript part should be sterilized:

<a href="legitlink.html">some content</a>

How can this be done in PHP? Are there any extensions or frameworks that handle this kind of work automatically?


Solution

Don't try to do this by yourself - I bet you forgot some malicious code parts. There are tested libraries which do a great job. E.g. have a look at HTML Purifier:

// Load the HTML Purifier autoloader
require_once '/path/to/HTMLPurifier.auto.php';

// $dirty_html holds the user-submitted markup
$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);
$clean_html = $purifier->purify($dirty_html);
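
An added example, not part of the original answer: HTML Purifier configured with an explicit allowlist, so that links keep only `href` and only a few URI schemes survive. The path is the placeholder from the answer; the function name `build_post_purifier`, the chosen element list and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (not the answerer's code). Path is the placeholder used above.
require_once '/path/to/HTMLPurifier.auto.php';

/**
 * Hypothetical helper: a purifier for user posts that keeps basic
 * formatting and plain links only.
 */
function build_post_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();

    // Allowlist of elements and, in brackets, their permitted attributes.
    // onclick and other event handlers are not listed, so they are removed.
    $config->set('HTML.Allowed', 'p,br,b,strong,i,em,ul,ol,li,a[href]');

    // Only these schemes are accepted in URIs; an href using any other
    // scheme (for example javascript:) is stripped from the link.
    $config->set('URI.AllowedSchemes', [
        'http'   => true,
        'https'  => true,
        'mailto' => true,
    ]);

    return new HTMLPurifier($config);
}

// Constructed sample inputs: the case from the question plus two variants.
$samples = [
    '<a onclick="sth()" href ="legitlink.html">some content</a>',
    '<a href="javascript:sth()">some content</a>',
    '<p onmouseover="sth()">text<script>sth()</script></p>',
];

$purifier = build_post_purifier();

foreach ($samples as $dirty_html) {
    $clean_html = $purifier->purify($dirty_html);
    // Print input and output side by side for comparison on the command line.
    echo "in:  ", $dirty_html, "\n";
    echo "out: ", $clean_html, "\n\n";
}
```

Purify on input or on output, but always before the markup reaches the page; when echoing the comparison into an HTML page instead of a terminal, escape both strings with `htmlspecialchars()`.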
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow