•  16-02-2021
  •  | 
  •  

Domanda

How can I validate a HTML code submitted by the user? Looking for <script> tags is easy, but you can also embed JS in for example <div onclick="yyy"></div>. Are there any ready to use libraries/functions? (like $safeHTML = validateCode($rawHTML))

È stato utile?

Soluzione

You can use HTML Purifier.

Altri suggerimenti

I use the following function:

function sanitizeString($var){
    $var = strip_tags($var);
    $var = htmlentities($var);
    $var = stripslashes($var);
    return mysql_real_escape_string($var);

It changes over characters like < to 

&lt;

prevent escape characters for SQL, stips unwanted slashes, etc.

Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top