kreut Posted September 12, 2011 Share Posted September 12, 2011 Hello, I'm trying to sanitize user input and have been banging my head over HTMLpurifier the last several days (some weird encoding issues). So...I decided to try out HTMLawed. Using the following code: require_once('htmLawed/htmLawed.php'); $text ='<script type="text/javascript">This is bad stuff</script><p>hello how are < you?'; $out = htmLawed($text); echo $out; I would think that it would get rid of my javascript. But, in the browser $text looked exactly the same. This is such a newbie question that I'm embarrassed to ask it as the HTMLawed documentation "looked" great. Can someone please explain the error of my ways? Thanks so much, Eric Quote Link to comment Share on other sites More sharing options...
cssfreakie Posted September 13, 2011 Share Posted September 13, 2011 did you also had a look in the source. ctrl+U or right click view source. Do you still see the < and the > as is or where they urlencoded? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.