jwhite68 Posted September 27, 2007 Share Posted September 27, 2007 If I use the PHP function strip_tags to strip everything except for bullet points and breaks - effectively: $output= strip_tags($desc,'<br><li><ul>'); As I echo $output on my form, is there any potential here for malicious code to still creep through? In this case, $desc is HTML data from an external file, which could contain malicious code within it. Link to comment https://forums.phpfreaks.com/topic/70857-use-of-strip_tags-and-impact-of-allowed-tags-on-malicious-code/ Share on other sites More sharing options...
jwhite68 Posted September 27, 2007 Author Share Posted September 27, 2007 Can a moderator please move this to the PHP Help forum, as I couldnt find a way to do this myself. I accidentally posted under HTML Help. Thanks. Link to comment https://forums.phpfreaks.com/topic/70857-use-of-strip_tags-and-impact-of-allowed-tags-on-malicious-code/#findComment-356276 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.