https://stackoverflow.com/questions/22754790
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianhtmlspecialchars() does everything you need it too. htmlentities() is for special use cases, like Chinese characters, where you may want to escape them, even though it is not 100% required. htmlspecialchars() seems to be sufficient to protect you from any type of XSS.
Safe way to escape iframe srcdoc value in PHP?
Question
Which PHP function is suited to escape HTML for usage in <iframe srcdoc="???">?
I found two candidates: htmlspecialchars() and htmlentities(). Which one should be used to allow any possible HTML code to be escaped properly?
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
