
Chris Shiflett's Blog:
Allowing HTML and Preventing XSS
March 16, 2007 @ 09:23:00

In this new post to his blog, Chris Shiflett tackles a problem many web developers face when accepting user input while still protecting their site: allowing HTML in that input while preventing users from slipping in a cross-site scripting (XSS) payload.

This problem comes up more and more often due to the rise of social networking and other Web 2.0 properties that embolden users. [...] Of course, BBCode inevitably comes up during these types of discussions, but I really hate the idea of using yet another markup language just because I'm too lazy to deal with HTML, especially if the markup language doesn't even try to be user-friendly.

He looks for a solution that neither requires users to learn a new markup nor becomes overly complex, and that avoids strip_tags. He provides several chunks of code covering the different parts of the method: first escape the content so that all of it is safe, then selectively reverse that escaping for the specific tags you want to allow.
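The escape-everything-then-reverse approach summarized above, as an added example in PHP (not code from Chris Shiflett's post); it assumes UTF-8 input and a fixed, attribute-free allowlist of tags, plus links restricted to http(s) URLs:

```php
<?php
// Added example: escape the whole string, then undo the escaping only for
// exact forms of a few harmless tags. Everything else stays inert text.
function allowSafeHtml(string $input): string
{
    // Step 1: make all of it safe. <, >, &, " and ' become entities, so no
    // markup, attribute or script survives this step.
    $safe = htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // Step 2: walk backwards for the tags we explicitly allow. Only the exact,
    // attribute-free, lowercase form is restored, so <b onclick="..."> stays
    // escaped because its entity form never matches the search string.
    $allowed = ['b', 'i', 'strong', 'em', 'p'];
    foreach ($allowed as $tag) {
        $safe = str_replace(
            ["&lt;{$tag}&gt;", "&lt;/{$tag}&gt;"],
            ["<{$tag}>", "</{$tag}>"],
            $safe
        );
    }

    // Step 3: links need one attribute, so restore them with a pattern that
    // accepts only href="http(s)://..." and nothing else inside the tag. The
    // captured URL is already entity-encoded (e.g. &amp;), which is correct
    // inside an attribute value.
    $safe = preg_replace(
        '#&lt;a href=&quot;(https?://[^\s]*?)&quot;&gt;(.*?)&lt;/a&gt;#',
        '<a href="$1">$2</a>',
        $safe
    );

    return $safe;
}

// Constructed sample input: an allowed tag, a link with a query string, a
// script tag, and an allowed tag carrying an event-handler attribute.
$sample = '<b>Hi</b> <a href="https://example.com/?a=1&b=2">site</a>'
        . ' <script>alert(1)</script> <b onclick="x">y</b>';
echo allowSafeHtml($sample), PHP_EOL;
```

Only the `<b>` and `<a>` in their exact allowed forms come back as markup; the script tag and the `<b onclick>` variant remain escaped text, which is the property this approach relies on.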


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework