开发者

PHP XSS Prevention WhiteListing

开发者 https://www.devze.com 2023-01-03 03:05 出处：网络

My site utilizes a WYSIWYG editor for users to update their accounts,enter comments, and send private messages.

相关专题：php validation wysiwyg xss

My site utilizes a WYSIWYG editor for users to update their accounts,enter comments, and send private messages.

The editor (CKEditor) is great for only allowing users to enter valid input, but I worry about injection through TamperData or othe开发者_如何学Gor means.

How can I control this on the server side?

I need to whitelist specific tags: <b><ul><ol><a><img><br>, will this be a SAFE approach to preventing XSS?

Use HTML Purifier:

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist.

strip_tags is going to be your friend. The second parameter lets you pass in an array of allowed tags strip_tags

上一篇:How do I get the Bake console for CakePHP?

做个app多少钱啊？？:下一篇

精彩评论

暂无评论...

登录注册

请自觉遵守互联网相关的政策法规，严禁发布色情、暴力、反动的言论！

验证码：

换一张

取消

关注公众号

图文推荐

Delphi - Custom drawing a message list

C++ header-only include pattern

IE7 Margin Collapses Into Padding

in CoffeeScript, how can I use a variable as a key in a hash?

Interactive visualization of a graph in python [closed]

How to customise PHP MYSQL tables?

High quality, simple random password generator

Image Recognition ApI in android

开发者开发者网给大家分享系统运维,大数据运维,云计算,编程开发技巧,路由交换,运维和开发相关的资讯及技术文章，同时StackOverflow中文社区，知识经验交流分享。

法律声明：本站内容均为网友上传，网站举办方负责审核和监督，如存在版权或非法内容，欢迎举报，我们将尽快予以删除。邮箱：devze@qq.com

PHP XSS Prevention WhiteListing

更多 问答 相关资讯：

精彩评论

关注公众号

热门标签

图文推荐

更多问答相关资讯：