Jump to content

Use of strip_tags and impact of allowed tags on malicious code


jwhite68

Recommended Posts

If I use the PHP function strip_tags to strip everything except for bullet points and breaks - effectively:

 

$output= strip_tags($desc,'<br><li><ul>');

 

As I echo $output on my form, is there any potential here for malicious code to still creep through?

In this case, $desc is HTML data from an external file, which could contain malicious code within it.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.