Reputation: 1069
I got a simple script which I'm using to POST one word and then display it with lines from list_of_files.txt. I just noticed that I can POST JavaScript, PHP and HTML. How do I strip this?
    $files=file('list_of_files.txt');
    if ($_SERVER['REQUEST_METHOD'] == 'POST'){
        foreach($files as $list)
        {
            $extension = $_POST['extension'];
            echo trim($list) . trim($extension);
            echo "</div>";
        }
    }else{
    ?>
Upvotes: 0
Views: 122
Reputation: 301
strip_tags($str) (http://php.net/manual/de/function.strip-tags.php) will remove ALL HTML tags
Example:
    name=<strong>Finn</strong>&last_name=<script>alert('XSS');</script>
PHP:
    $normal = $_POST['name']; // <strong>Finn</strong>
    $stripped = strip_tags($_POST['name']); // Finn
Upvotes: 4
Reputation: 101614
Are you looking for strip_tags?
This function tries to return a string with all NULL bytes, HTML and PHP tags stripped from a given str. It uses the same tag stripping state machine as the fgetss() function.
If you're looking to output, you can use htmlspecialchars.
The translations performed are:
'&' (ampersand) becomes '&amp;'
'"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
"'" (single quote) becomes '&#039;' (or &apos;) only when ENT_QUOTES is set.
'<' (less than) becomes '&lt;'
'>' (greater than) becomes '&gt;'
Upvotes: 3
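The question's loop with escaping applied at output time, as an added example that is not part of the question or of either answer above. The helper names `h`, `is_single_word` and `render_list`, the opening `<div>`, the "one word" pattern and the sample data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Escape a value for an HTML text or quoted-attribute context.
// ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed rule for "one word": 1-16 letters, digits, dot, dash or underscore.
function is_single_word(string $value): bool
{
    return preg_match('/\A[A-Za-z0-9._-]{1,16}\z/', $value) === 1;
}

// Build the list markup; every dynamic value passes through h() on output,
// including the lines read from the file.
function render_list(array $lines, string $extension): string
{
    $html = '';
    foreach ($lines as $line) {
        $html .= '<div>' . h(trim($line)) . h($extension) . "</div>\n";
    }
    return $html;
}

// Constructed sample data standing in for list_of_files.txt and $_POST.
$lines   = ["report\n", "notes & drafts\n"];
$samples = ['.txt', "<script>alert('XSS');</script>", 'a"b'];

foreach ($samples as $posted) {
    $extension = trim($posted);
    if (!is_single_word($extension)) {
        // Rejected input is still escaped before it is shown back to the user.
        echo 'Rejected: ' . h($extension) . "\n";
        continue;
    }
    echo render_list($lines, $extension);
}
```

In the original script, `$lines` would come from `file('list_of_files.txt')` and the posted value from `$_POST['extension']`.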