Jump to content

Does strip_tags() protect against XSS?


3raser

Recommended Posts

I was reading the documentary for strip_tags() and it mentioned nothing about removing JavaScript tags (which I'm assuming is HTML since it's in the form of it - e.g: <script></script>). I just want to be assured that it does protect against XSS. Do you have any better recommendations?

 

Thanks.

Link to comment
https://forums.phpfreaks.com/topic/263734-does-strip_tags-protect-against-xss/
Share on other sites

Did you try it? Here's a simple test.

$input = "This is input with <script type=\"javascript\"> alert('JavaScript'); </script> code.";

echo strip_tags($input);

 

And, a simple Google search for "PHP prevent XSS attacks" yielded plenty of good resources.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.