1internet Posted April 12, 2013 Share Posted April 12, 2013 So if you submit a form, that contains an htmleditor, but you want to sanitize the code, how is this done? Obviously htmlentities will render any html in the editor unusable. Link to comment https://forums.phpfreaks.com/topic/276887-best-way-to-santize-html-editor-post/ Share on other sites More sharing options...
requinix Posted April 13, 2013 Share Posted April 13, 2013 strip_tags() to remove markup you don't want. If you don't trust the user then you have to go even more complex by looking for malicious attributes: I could put a just fine, but I could also put a Click to Like this page! Link to comment https://forums.phpfreaks.com/topic/276887-best-way-to-santize-html-editor-post/#findComment-1424493 Share on other sites More sharing options...
1internet Posted April 13, 2013 Author Share Posted April 13, 2013 But striptags would remove the html, I want to keep the html intact. I want something exactly like THIS form here. Link to comment https://forums.phpfreaks.com/topic/276887-best-way-to-santize-html-editor-post/#findComment-1424518 Share on other sites More sharing options...
DavidAM Posted April 13, 2013 Share Posted April 13, 2013 THIS form uses BBCode not HTML for the user entry. The BBCode is converted to the allowed HTML on display. Also, strip_tags will allow you to leave specific HTML tags intact. Link to comment https://forums.phpfreaks.com/topic/276887-best-way-to-santize-html-editor-post/#findComment-1424520 Share on other sites More sharing options...
1internet Posted April 13, 2013 Author Share Posted April 13, 2013 If its within a CMS does it really need to be sanitized anyway? Link to comment https://forums.phpfreaks.com/topic/276887-best-way-to-santize-html-editor-post/#findComment-1424619 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.