开发者

Remove javascript from user input but still allow html with PHP?

开发者 https://www.devze.com 2023-02-22 14:01 出处:网络
I want to allow users to write html into a form field but exclude javascript. Is there simple code or a library that will do this?

I want to allow users to write html into a form field but exclude javascript. Is there simple code or a library that will do this?

I've looked into using HTML Purifer but I'm not quite sure how to configure it to run in the way I am looking for. I think I would have to specify all the tags that I am allowing into HTML.allowed. I could come up with an exhaustive list, I guess, but if there is an easier way, I'd rather 开发者_开发知识库do that.


strip_tags() takes a second argument $allowable_tags so no need for external libraries or classes but yes, you will have to allow any tags you want to allow. Honestly, there are not so many tags. You may also want to disallow <style>

http://php.net/manual/fr/function.strip-tags.php

0

精彩评论

暂无评论...
验证码 换一张
取 消