1internet (posted April 12, 2013):
So if you submit a form that contains an HTML editor, but you want to sanitize the code, how is this done? Obviously htmlentities will render any HTML in the editor unusable.
requinix (posted April 13, 2013):
strip_tags() to remove markup you don't want. If you don't trust the user then you have to go even more complex by looking for malicious attributes: I could put a just fine, but I could also put a Click to Like this page!
1internet (author, posted April 13, 2013):
But strip_tags would remove the HTML; I want to keep the HTML intact. I want something exactly like THIS form here.
DavidAM (posted April 13, 2013):
THIS form uses BBCode, not HTML, for the user entry. The BBCode is converted to the allowed HTML on display. Also, strip_tags will allow you to leave specific HTML tags intact.
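An added example, not code from the thread or from any of its posters, of what requinix's and DavidAM's advice looks like in PHP: strip_tags() with an allowlist of tags, followed by a DOMDocument pass that removes every attribute not in an assumed attribute allowlist and drops href values whose scheme is not http(s), mailto or relative. The tag list, attribute list and sample input are assumptions for illustration.

```php
<?php
// Assumed allowlists; adjust to what your editor actually emits.
const ALLOWED_TAGS  = '<p><b><i><u><a><ul><ol><li><br>';
const ALLOWED_ATTRS = ['href', 'title'];

function sanitizeEditorHtml(string $html): string
{
    // 1. Drop every tag not in the allowlist (script, iframe, style, ...).
    //    Note: strip_tags() removes the tags but keeps their text content.
    $html = strip_tags($html, ALLOWED_TAGS);

    // 2. strip_tags() leaves attributes alone, so inspect the survivors.
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);              // tolerate sloppy editor markup
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>',
        LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();

    $xpath = new DOMXPath($doc);
    foreach ($xpath->query('//*') as $el) {
        // Copy first: removing while iterating a live NamedNodeMap skips entries.
        $attrs = [];
        foreach ($el->attributes as $attr) {
            $attrs[] = $attr;
        }
        foreach ($attrs as $attr) {
            $name  = strtolower($attr->name);
            $value = trim($attr->value);
            // Anything not allowlisted goes, which covers every on* event handler.
            if (!in_array($name, ALLOWED_ATTRS, true)) {
                $el->removeAttribute($attr->name);
                continue;
            }
            // href: allow http(s), mailto, fragments and relative paths (no scheme);
            // libxml has already decoded entities, so javascript: cannot hide behind them.
            if ($name === 'href' && !preg_match('#^(https?:|mailto:|/|\#|[^:]*$)#i', $value)) {
                $el->removeAttribute($attr->name);
            }
        }
    }

    // 3. Serialise the children of the wrapper <div>, not the wrapper itself.
    $out = '';
    foreach ($doc->documentElement->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample of an untrusted submission with a handler and a script URL.
$dirty = '<p onclick="alert(1)">Hi <a href="javascript:alert(1)" title="x">Click</a>'
       . ' <a href="https://example.com">ok</a><script>alert(1)</script></p>';
echo sanitizeEditorHtml($dirty), PHP_EOL;
```

The onclick handler, the javascript: href and the script tag are removed, while the title attribute, the https link and the text remain.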
1internet (author, posted April 13, 2013):
If it's within a CMS, does it really need to be sanitized anyway?