ShaolinF Posted December 12, 2009 Share Posted December 12, 2009 Hi Guys What is the best way to validate/sanitize user specified html ? Link to comment https://forums.phpfreaks.com/topic/184899-sanitize-html/ Share on other sites More sharing options...
RussellReal Posted December 12, 2009 Share Posted December 12, 2009 just gotta worry about <frameset><frame><script><iframe> everything else should be fine maybe also <embed> amd <object> also you'd want to search through their css for "Behavior" Link to comment https://forums.phpfreaks.com/topic/184899-sanitize-html/#findComment-976068 Share on other sites More sharing options...
ShaolinF Posted December 12, 2009 Author Share Posted December 12, 2009 Ah, that sounds like alot of work. Do you know of any 'ready made' code I could just drop in ? Link to comment https://forums.phpfreaks.com/topic/184899-sanitize-html/#findComment-976077 Share on other sites More sharing options...
oni-kun Posted December 12, 2009 Share Posted December 12, 2009 Hi Guys What is the best way to validate/sanitize user specified html ? You can use strip_tags and define as the second parameter allowed tags, easily such as: '<p><h1>....'etc. But note this will not remove attributes on allowed tags such as 'onClick' etc. <?php $text = '<script>alert(\'Omg popup!\');</script><p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>'; echo strip_tags($text); echo "\n"; // Allow <p> and <a> echo strip_tags($text, '<p><a>'); ?> Result: Test paragraph. Other text <p>Test paragraph.</p> <a href="#fragment">Other text</a> Link to comment https://forums.phpfreaks.com/topic/184899-sanitize-html/#findComment-976078 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.