Reputation:
I am running a blog which other visitors can post on. I want to allow certain HTML tags like headers, linebreaks or links. What is a good or best piece of plugin software I can use for this?
Additionally, is it best practice to save the raw data and then whitelist it when it is time for display in the blog? Or shall I whitelist the data before saving it to the database, so that it is saved clean?
Upvotes: 0
Views: 65
Reputation: 191789
The built-in function strip_tags already has whitelist functionality that works quite nicely.
As for storage, it's a judgment call, but I recommend storing everything in its raw state and encoding for display only. It's only a concern if you think you may accidentally forget to strip/encode on display.
Upvotes: 1
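An added example, not part of the answer above: display-time allowlisting of a raw stored post with strip_tags, followed by an attribute pass, because strip_tags keeps every attribute on the tags it allows (event handlers, style, non-http link targets). The function name render_post, the constant ALLOWED_TAGS and the sample post are hypothetical; it assumes PHP 7.4+ with the dom extension.

```php
<?php
// Added example; render_post() and ALLOWED_TAGS are hypothetical names.
const ALLOWED_TAGS = ['h1', 'h2', 'h3', 'p', 'br', 'a'];

function render_post(string $raw): string
{
    // 1. Remove every tag that is not on the allowlist (array form: PHP 7.4+).
    $html = strip_tags($raw, ALLOWED_TAGS);

    // 2. strip_tags() keeps all attributes on the tags it allows, so parse
    //    the result and drop everything except an http(s) href on <a>.
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // tolerate sloppy user markup
    $doc->loadHTML('<html><head><meta charset="utf-8"></head><body>'
        . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    foreach ($body->getElementsByTagName('*') as $el) {
        // Copy the attribute list first: removing from the live map skips items.
        foreach (iterator_to_array($el->attributes, false) as $attr) {
            $keep = $el->nodeName === 'a'
                && $attr->nodeName === 'href'
                && preg_match('#^https?://#i', trim($attr->nodeValue)) === 1;
            if (!$keep) {
                $el->removeAttributeNode($attr);
            }
        }
    }

    // 3. Serialize only the children of <body>, not the wrapper document.
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample of a raw post as it would be stored in the database.
$stored = '<h2 onclick="track()">Hello</h2><script>track()</script>'
    . '<a href="javascript:track()">one</a> '
    . '<a href="https://example.com/" style="color:red">two</a>';

echo render_post($stored), PHP_EOL;
```

The text inside a removed tag such as script stays in the output as plain text, since strip_tags removes only the tags themselves.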