ShaolinF Posted December 12, 2009

Hi Guys. What is the best way to validate/sanitize user specified html?

RussellReal Posted December 12, 2009

just gotta worry about <frameset><frame><script><iframe>, everything else should be fine. maybe also <embed> and <object>. also you'd want to search through their css for "Behavior"

ShaolinF (Author) Posted December 12, 2009

Ah, that sounds like a lot of work. Do you know of any 'ready made' code I could just drop in?

oni-kun Posted December 12, 2009

> Hi Guys. What is the best way to validate/sanitize user specified html?

You can use strip_tags and define the allowed tags as the second parameter, e.g. '<p><h1>....' etc. But note this will not remove attributes on allowed tags, such as 'onClick' etc.

```php
<?php
$text = '<script>alert(\'Omg popup!\');</script><p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';

// No second argument: every tag is stripped
echo strip_tags($text);
echo "\n";

// Allow <p> and <a>
echo strip_tags($text, '<p><a>');
?>
```

Result:

```
Test paragraph. Other text
<p>Test paragraph.</p> <a href="#fragment">Other text</a>
```

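Added example, not part of the original thread: because strip_tags keeps attributes such as onClick on allowed tags, as noted above, an allowlist has to cover attributes and link schemes as well as tag names. This sketch uses PHP's DOM extension; the allowlists (ALLOWED, SCHEMES, DROP), the function names and the sample input are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Allowlists and sample input are constructed.
const ALLOWED = ['p' => [], 'a' => ['href'], 'b' => [], 'i' => []]; // tag => allowed attributes
const SCHEMES = ['http', 'https', 'mailto'];
const DROP    = ['script', 'style', 'iframe', 'frameset', 'frame', 'embed', 'object'];

function href_is_safe(string $url): bool {
    // Strip whitespace/control characters so the check sees the scheme a browser would.
    $url = preg_replace('/[\x00-\x20]+/', '', $url);
    // No scheme means a relative URL or #fragment; otherwise the scheme must be allowlisted.
    return !preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)
        || in_array(strtolower($m[1]), SCHEMES, true);
}

function clean_node(DOMNode $node): void {
    foreach (iterator_to_array($node->childNodes) as $child) { // copy: the list is live
        if ($child->nodeType === XML_TEXT_NODE) {
            continue; // text is re-escaped by saveHTML()
        }
        $tag = strtolower($child->nodeName);
        if (!$child instanceof DOMElement || in_array($tag, DROP, true)) {
            $node->removeChild($child); // comments; script/iframe/... with their content
            continue;
        }
        clean_node($child); // clean descendants before deciding about this element
        if (!array_key_exists($tag, ALLOWED)) { // unknown tag: keep cleaned children only
            while ($child->firstChild) {
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $ok = in_array($attr->nodeName, ALLOWED[$tag], true);
            if (!$ok || ($attr->nodeName === 'href' && !href_is_safe($attr->value))) {
                $child->removeAttributeNode($attr);
            }
        }
    }
}

function sanitize_html(string $html): string {
    libxml_use_internal_errors(true); // user HTML is rarely well-formed; silence warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>'); // wrapper div is the root
    $root = $doc->getElementsByTagName('div')->item(0);
    clean_node($root);
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($root->childNodes)));
}

$text = '<script>alert(\'Omg popup!\');</script><p onclick="x()">Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';
echo sanitize_html($text), "\n";
```

For production use, a maintained allowlist sanitizer such as HTML Purifier covers far more cases (CSS, URL-bearing attributes other than href) than this sketch.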