Reputation: 127
How to disallow scripting tags in text boxes
I am trying to implement post functionality in my website and I am working on codeigniter(PHP). My problem is when I enter and submit:
<script>
alert("aaaa");
</script>
The JavaScript starts working and the code is executed when the page loads, so how to sanitize scripting tags in user input?
I want all kind of coding tags to be displayed as simple text in my text box when submitted
Upvotes: 1
Views: 646
Answers (3)
Reputation: 416
Disregard this answer, I'm leaving it here only for people who are misled by the original question about "script" tags, not "all HTML" tags.
If you would like to let your users enter arbitraty HTML code, but prevent XSS vulnerabilities, this is what HTML Purifier was built for.
This does also protect against iframe, embed, and the like. It is whitelist based and well tested.
Upvotes: 2
Reputation: 107
For More Information About htmlspecialchars http://php.net/manual/en/function.htmlspecialchars.php
Upvotes: 1
Reputation: 68476
Make use of htmlentities() if you are going to output the content on your browser.
echo htmlentities("<script>alert('aaaa');</script>");
Upvotes: 0
Related Questions
- how to hide html tags without remove it in php form
- how to prevent textbox php script coding?
- how to stop user putting HTML code in text inputs
- HTML input form disable tags
- How to prevent script tags in text from executing?
- Don't allow user to enter HTML tags in input
- Prohibit the posting of HTML in textarea form field
- Stop users from entering PHP code in textarea?
- disable text box from within php code
- CodeIgniter's XSS Protection is removing <script> tags from user inputs... but I don't want it to!