aleminio Posted May 17, 2011 (https://forums.phpfreaks.com/topic/236685-editor-security/)

I am using an editor such as CKEditor in order to allow users on the website to submit their own guides. I want to prevent the user from inserting scripts, therefore I am using preg_replace in order to replace words such as 'script' and 'embed' with the same words but as ASCII code, for example 'script' as 'script'. Are there other things I should prevent the user from typing? The guides have to be approved so I see pure HTML, but it's hidden scripts and stuff like that I am afraid of.

requinix Posted May 17, 2011 (https://forums.phpfreaks.com/topic/236685-editor-security/#findComment-1216728)

Even better would be to only allow a certain set of HTML tags. For instance, Then use strip_tags to remove anything that isn't allowed.

$clean = strip_tags($dirty, " ");

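Added example, not part of either post above: strip_tags with an allowlist removes disallowed elements but leaves every attribute on the tags it lets through, so an allowed tag can still carry an event handler or a script URL. The sketch below allowlists both tags and attributes with DOMDocument; the tag set, the names ALLOWED, DROP_WITH_CONTENT and sanitize_guide(), and the sample input are assumptions made for illustration.

```php
<?php
// Added example: tag and attribute allowlist for user-submitted guide HTML.
// ALLOWED, DROP_WITH_CONTENT and sanitize_guide() are illustrative names.
const ALLOWED = ['p' => [], 'b' => [], 'i' => [], 'ul' => [], 'li' => [], 'a' => ['href']];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function sanitize_guide(string $dirty): string
{
    libxml_use_internal_errors(true);               // user markup is rarely valid
    $doc = new DOMDocument();
    // The wrapper div gives a known root; the XML prolog forces UTF-8 parsing.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $dirty . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('div')->item(0);

    // Snapshot the live node list first, because the loop mutates the tree.
    foreach (iterator_to_array($root->getElementsByTagName('*')) as $el) {
        $tag = strtolower($el->nodeName);
        if (in_array($tag, DROP_WITH_CONTENT, true)) {
            $el->parentNode->removeChild($el);      // drop element and its content
            continue;
        }
        if (!array_key_exists($tag, ALLOWED)) {     // unknown tag: keep children only
            while ($el->firstChild) {
                $el->parentNode->insertBefore($el->firstChild, $el);
            }
            $el->parentNode->removeChild($el);
            continue;
        }
        foreach (iterator_to_array($el->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            $ok = in_array($name, ALLOWED[$tag], true);
            // href must match a known-good prefix; anything else is removed.
            if ($ok && $name === 'href'
                && !preg_match('~^(?:https?://|mailto:|/|#)~i', $attr->value)) {
                $ok = false;
            }
            if (!$ok) {
                $el->removeAttribute($attr->nodeName);
            }
        }
    }
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);             // re-serialize with escaping
    }
    return $out;
}

// Constructed sample input: allowed tags carrying disallowed attributes.
$dirty = '<p onclick="x()">Step 1 <a href="javascript:x()">link</a><script>x()</script></p>';
echo sanitize_guide($dirty), "\n";
```

Because the output is re-serialized from the parsed tree, the stored HTML is what the parser understood rather than what the user typed, which avoids relying on word replacement to catch every spelling of a tag.
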
Archived
This topic is now archived and is closed to further replies.