3raser Posted June 5, 2012 Share Posted June 5, 2012 I was reading the documentary for strip_tags() and it mentioned nothing about removing JavaScript tags (which I'm assuming is HTML since it's in the form of it - e.g: <script></script>). I just want to be assured that it does protect against XSS. Do you have any better recommendations? Thanks. Link to comment https://forums.phpfreaks.com/topic/263734-does-strip_tags-protect-against-xss/ Share on other sites More sharing options...
Psycho Posted June 5, 2012 Share Posted June 5, 2012 Did you try it? Here's a simple test. $input = "This is input with <script type=\"javascript\"> alert('JavaScript'); </script> code."; echo strip_tags($input); And, a simple Google search for "PHP prevent XSS attacks" yielded plenty of good resources. Link to comment https://forums.phpfreaks.com/topic/263734-does-strip_tags-protect-against-xss/#findComment-1351514 Share on other sites More sharing options...
requinix Posted June 5, 2012 Share Posted June 5, 2012 It should prevent many forms, but there are some it won't. It depends where you output the strings. Pretty much all you need is htmlentities() or htmlspecialchars(). Link to comment https://forums.phpfreaks.com/topic/263734-does-strip_tags-protect-against-xss/#findComment-1351518 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.