php_begins Posted June 28, 2011

Hi,

Suppose a user enters something like <!-- TEST --> in my form field. Later, when I want to display it, how would it be possible to get rid of the HTML comments? Right now it displays nothing because of the comment symbols. strip_tags just removes anything between <>. Is there any method that would make it work?

Link to comment https://forums.phpfreaks.com/topic/240657-preventing-html-comment-injection/

AbraCadaver Posted June 28, 2011

It won't get rid of it but will transform it, and it is a good idea before you display user-submitted data: htmlentities()

fugix Posted June 28, 2011

I would use str_replace()

$string = '<!-- TEXT -->';
$srch = '<!->';
str_replace($srch,'',$string);

Adam Posted June 28, 2011

If you just want to strip out HTML comments, you can use this:

$str = preg_replace('/<!--.*?-->/s', '', $str);
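
An added example (not posted by anyone in this thread) that runs strip_tags, the regex from the post above, and htmlentities() over constructed inputs. It shows the case the regex misses: an unterminated `<!--` is left in place, whereas escaping at output turns it into visible text. The function names `strip_comments` and `escape_for_html` are hypothetical.

```php
<?php
// Added example, not code posted in the thread. Function names are
// hypothetical and the sample inputs are constructed.

// Adam's approach: remove well-formed HTML comments.
function strip_comments(string $s): string
{
    return preg_replace('/<!--.*?-->/s', '', $s);
}

// AbraCadaver's approach: escape at output time so markup shows as text.
function escape_for_html(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

$samples = [
    'closed comment'       => '<!-- TEST -->',
    'text around comment'  => 'before <!-- hidden --> after',
    // No closing "-->": the regex has nothing to match, so the "<!--"
    // survives and would comment out the markup that follows it.
    'unterminated comment' => 'before <!-- TEST',
];

foreach ($samples as $label => $input) {
    echo $label, "\n";
    echo '  input:        ', var_export($input, true), "\n";
    echo '  strip_tags:   ', var_export(strip_tags($input), true), "\n";
    echo '  regex strip:  ', var_export(strip_comments($input), true), "\n";
    echo '  htmlentities: ', var_export(escape_for_html($input), true), "\n\n";
}
```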

gizmola Posted June 28, 2011

> i would use str_replace()
> $string = ''; $srch = ''; str_replace($srch,'',$string);

Fugix, do you not see a problem with that code? You might want to test a suggestion like that before you post it next time.

fugix Posted June 29, 2011

Meh, you're right Gizmo, my fault.

php_begins Posted June 29, 2011 Author

Thanks for the suggestion Gizmola!

gizmola Posted June 29, 2011

> thanks for the suggestion Gizmola!

MrAdam's suggestion is what I'd run with. Just wanted to clarify that Fugix's code would not work for you.

Archived
This topic is now archived and is closed to further replies.