Question

How can I validate an HTML code submitted by the user? Looking for <script> tags is easy, but you can also embed JS in, for example, <div onclick="yyy"></div>. Are there any ready-to-use libraries/functions? (like $safeHTML = validateCode($rawHTML))


Solution

You can use HTML Purifier.
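
As an added example (not part of the original answer), this is what a validateCode-style function looks like with HTML Purifier: an allowlist of tags and attributes is kept and everything else, including on* event handlers and javascript: links, is dropped. The Composer install path, the allowlist, and the sample input are assumptions made for this example.

```php
<?php
// Added example, not from the original answer: allowlist-based sanitizing of
// user-submitted HTML with HTML Purifier (assumed installed via Composer:
// composer require ezyang/htmlpurifier). The allowlist below is an assumption
// chosen for this example; tune it to the markup your site actually needs.
require_once __DIR__ . '/vendor/autoload.php';

function safeHtml(string $rawHtml): string
{
    $config = HTMLPurifier_Config::createDefault();
    // Only these elements and attributes survive. Unknown tags and every
    // on* event-handler attribute are removed rather than escaped.
    $config->set('HTML.Allowed', 'p,br,b,i,em,strong,ul,ol,li,div,a[href]');
    // Restrict link schemes so javascript: and data: hrefs are stripped.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    // Skip the on-disk definition cache so the demo runs without a writable dir.
    $config->set('Cache.DefinitionImpl', null);
    $purifier = new HTMLPurifier($config);
    return $purifier->purify($rawHtml);
}

// Constructed sample input covering the cases raised in the question:
// a script tag, an inline event handler, and a javascript: link.
$raw = '<p>Hello</p><script>x()</script>'
     . '<div onclick="yyy">click</div>'
     . '<a href="javascript:void(0)">link</a>'
     . '<a href="https://example.com">ok</a>';

echo safeHtml($raw), PHP_EOL;
```

Note that purify() returns markup intended to be output as HTML; it is unrelated to SQL escaping, which belongs at the database layer (prepared statements), not in the HTML sanitizer.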

Other tips

I use the following function:

function sanitizeString($var){
    $var = strip_tags($var);               // remove all HTML tags
    $var = htmlentities($var);             // encode special characters, e.g. < becomes &lt;
    $var = stripslashes($var);             // remove backslashes (e.g. added by magic quotes)
    return mysql_real_escape_string($var); // escape for a MySQL query; needs an open mysql link
}

It converts characters like < to

&lt;

, prevents escape characters for SQL, strips unwanted slashes, etc.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow