Validate HTML from user
16-02-2021
Question
How can I validate HTML code submitted by the user? Looking for <script> tags is easy, but you can also embed JS in, for example, <div onclick="yyy"></div>. Are there any ready-to-use libraries/functions? (like $safeHTML = validateCode($rawHTML))
Solution
You can use HTML Purifier.
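An added example, not part of the original answer, showing how HTML Purifier can be configured as an allowlist so that both cases from the question (a <script> tag and an onclick attribute) are dropped. It assumes the library was installed with Composer (package ezyang/htmlpurifier); the function name validateCode() is borrowed from the question and is hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example. Assumes HTML Purifier was installed with Composer
// (package ezyang/htmlpurifier) so that vendor/autoload.php can load it.
require_once __DIR__ . '/vendor/autoload.php';

/**
 * Hypothetical helper named after validateCode() in the question.
 * Returns the input reduced to an explicit allowlist of elements,
 * attributes and URI schemes.
 */
function validateCode(string $rawHTML): string
{
    static $purifier = null;
    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();
        // Allowlist: anything not named here is removed, which covers
        // <script> elements and every on* event-handler attribute.
        $config->set('HTML.Allowed', 'p,br,b,i,em,strong,ul,ol,li,div,a[href]');
        // Links may only use these schemes, so javascript: URIs are rejected.
        $config->set('URI.AllowedSchemes', [
            'http'   => true,
            'https'  => true,
            'mailto' => true,
        ]);
        // The definition cache needs a writable directory.
        $config->set('Cache.SerializerPath', sys_get_temp_dir());
        $purifier = new HTMLPurifier($config);
    }
    return $purifier->purify($rawHTML);
}

// Constructed sample inputs, including the two cases from the question.
$samples = [
    '<p>Hello <b>world</b></p>',
    '<script>alert(1)</script><p>text</p>',
    '<div onclick="yyy">click me</div>',
    '<a href="javascript:alert(1)">link</a>',
    '<a href="https://example.com/">link</a>',
];

foreach ($samples as $raw) {
    echo $raw, "\n  => ", validateCode($raw), "\n";
}
```

The purified string is meant for output in an HTML page; escaping for a database query is a separate step and is not handled by the purifier.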
Other suggestions
I use the following function:
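function sanitizeString($var){
    // Remove HTML and PHP tags
    $var = strip_tags($var);
    // Convert remaining special characters to HTML entities
    $var = htmlentities($var);
    // Remove backslashes
    $var = stripslashes($var);
    // Escape for SQL; needs the legacy mysql extension (removed in PHP 7.0)
    return mysql_real_escape_string($var);
}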
It changes over characters like < to &lt;, prevents escape characters for SQL, strips unwanted slashes, etc.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow