I'm using TinyMCE on my blog writing, but there seems to be a problem when using htmlspecialchars with PHP. All my
tags etc. show up, and I want the styling of the P tag. Is there any way I can fix this? If I remove htmlspecialchars the site will be open for XSS etc., because of JavaScript.
Does anyone have a similar problem and know how I can fix this? Maybe remove some TinyMCE validation stuff or something?
I also use TinyMCE. I use nothing but the code below, which helps me.
$allowedTags='<p><strong><em><u><h1><h2><h3><h4><h5><h6><img>';
$allowedTags.='<li><ol><ul><span><div><br><ins><del>';
$new_msg = strip_tags(stripslashes($_POST['msg']), $allowedTags); // Posted data from the TinyMCE text area
Try the above. This is safe from XSS or other attacks.
If you allow users to use TinyMCE, then you must remove all style of HTML tag and script. Then save directly to the database; you don't need to use htmlspecialchars.
If only you can post, then you don't need to sanitize anything.
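
As an added example (not code from either answer): PHP's strip_tags() leaves the attributes on allowed tags untouched, including style and onmouseover, so a stricter filter also allowlists attributes. The sketch below does that with DOMDocument; ALLOWED, clean_node() and sanitize_html() are hypothetical names, and the tag list and the http(s)-only rule for img src are assumptions.

```php
<?php
// Added example; ALLOWED, clean_node() and sanitize_html() are hypothetical names.
const ALLOWED = [                       // tag => attributes kept on that tag
    'p' => [], 'strong' => [], 'em' => [], 'u' => [], 'br' => [], 'span' => [],
    'div' => [], 'ul' => [], 'ol' => [], 'li' => [], 'ins' => [], 'del' => [],
    'h1' => [], 'h2' => [], 'h3' => [], 'h4' => [], 'h5' => [], 'h6' => [],
    'img' => ['src', 'alt'],
];

function clean_node(DOMNode $node): void
{
    // Copy the child list first: the live list shifts as nodes are removed.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMText) { continue; }   // text is escaped on output
        $tag = $child instanceof DOMElement ? strtolower($child->tagName) : '';
        if (!array_key_exists($tag, ALLOWED)) {
            $node->removeChild($child);             // script, style, comments, ...
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->name);
            $keep = in_array($name, ALLOWED[$tag], true);
            if ($keep && $name === 'src') {         // only http(s) image URLs
                $keep = preg_match('#^https?://#i', trim($attr->value)) === 1;
            }
            if (!$keep) { $child->removeAttribute($attr->name); }
        }
        clean_node($child);
    }
}

function sanitize_html(string $html): string
{
    $doc = new DOMDocument();
    // The XML declaration makes libxml read UTF-8; the div is a known root.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>',
        LIBXML_NOERROR | LIBXML_NOWARNING);
    $root = $doc->getElementsByTagName('div')->item(0);
    clean_node($root);
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample standing in for $_POST['msg'].
$posted = '<p onclick="alert(1)">Hi <strong>there</strong></p><script>alert(2)</script>';
echo sanitize_html($posted), "\n";
```

The returned string is what gets stored and later echoed without htmlspecialchars. A maintained library such as HTML Purifier covers more cases than this sketch.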