Question

How can I validate HTML code submitted by a user? Looking for <script> tags is easy, but you can also embed JS in, for example, <div onclick="yyy"></div>. Are there any ready-to-use libraries/functions (like $safeHTML = validateCode($rawHTML))?


Solution

You can use HTML Purifier.
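Added example (not code from the post or from HTML Purifier itself): a validateCode() helper of the shape the question sketches, using HTML Purifier with an allowlist of elements and attributes, so that event-handler attributes such as onclick and javascript: links are dropped rather than just escaped. It assumes the library was installed with Composer (package ezyang/htmlpurifier) so the autoloader exists.

```php
<?php
// Added example (not from the answer above). Assumes HTML Purifier was
// installed via Composer (ezyang/htmlpurifier) so vendor/autoload.php exists.
require_once __DIR__ . '/vendor/autoload.php';

function validateCode(string $rawHTML): string
{
    static $purifier = null;
    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();
        // Allowlist: only these elements/attributes survive. Everything else,
        // including every on* event-handler attribute, is removed.
        $config->set('HTML.Allowed', 'p,br,b,i,em,strong,ul,ol,li,a[href]');
        // Only http(s) links: a javascript: URI in href fails validation and
        // the attribute is dropped.
        $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
        // Disable the on-disk definition cache so this runs without a
        // writable cache directory.
        $config->set('Cache.DefinitionImpl', null);
        $purifier = new HTMLPurifier($config);
    }
    return $purifier->purify($rawHTML);
}

// Constructed sample input covering the cases raised in the question.
$samples = [
    '<p>Hello <b>world</b></p>',
    '<script>alert(1)</script><p>after</p>',
    '<div onclick="yyy">clickable</div>',
    '<a href="javascript:alert(1)">link</a>',
    '<p onmouseover="yyy">text</p>',
];
foreach ($samples as $dirty) {
    printf("%-45s => %s\n", $dirty, validateCode($dirty));
}
```

The result is safe only for insertion into an HTML body context; a value placed inside an attribute, a URL or a script block still needs the encoding appropriate to that context.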

OTHER TIPS

I use the following function:

function sanitizeString($var){
    $var = strip_tags($var);               // remove all HTML tags
    $var = htmlentities($var);             // encode remaining special characters (< becomes &lt;)
    $var = stripslashes($var);             // remove backslashes (e.g. added by magic_quotes)
    return mysql_real_escape_string($var); // escape for SQL; needs an open mysql connection (extension removed in PHP 7)
}

It converts characters like < to &lt;, escapes characters that are special to SQL, strips unwanted slashes, etc.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow