bytestorm

Reputation: 1531

Remove script tags using javascript or php

The title may not be very clear but I will clearly explain my problem here.

I am designing a website for my institute in which I had to provide an editor where users can create HTML pages and save them to a certain folder (the user wouldn't know the exact folder; it's created using PHP during registration). I have decided to use CKEditor for the editor. To save the data I send a POST request using AJAX to a PHP script which simply uses

file_put_contents("folder/file_name.html", $_POST['data']);

To show the pages, view_page.php accepts the file name as a GET variable and then includes the HTML file, e.g.

URL:

view_post.php?file_path=user/good.html

PHP CODE:

<?php
    try{
        @include_once("ed423eba62af16d6ab38cbfd2295b304/".$_GET['file_name']);
    }
    catch(Exception $e){
        echo "Can't find the requested file.";
    }
?>

Now the problem I am facing is that if a user submits data that contains some script tags, I have to make sure that the script tags don't get saved or don't run when the page loads. How can I do that?

Upvotes: 0

Views: 929

Answers (1)

Tan Hong Tat

Reputation: 6864

You can try strip_tags() - http://www.php.net/strip_tags or HTML Purifier - http://htmlpurifier.org/

I would suggest HTML Purifier.

Upvotes: 2
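
The HTML Purifier suggestion above, as an added example (not code from the question or the answer): the editor output is purified against an allowlist before it is written, and the stored page is sent with readfile() behind a file-name check instead of being included. It assumes HTMLPurifier.auto.php is on the include path; PAGE_DIR, page_path(), save_page() and show_page() are hypothetical names, and the allowlist is constructed.

```php
<?php
// Assumption: HTML Purifier is installed and its loader is on the include path.
require_once 'HTMLPurifier.auto.php';

// Constructed placeholder for the per-user folder created at registration.
const PAGE_DIR = __DIR__ . '/pages';

// Accept only simple names such as "good.html"; reject anything with directory parts.
function page_path(string $name): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.html\z/', $name)) {
        return null;
    }
    return PAGE_DIR . '/' . $name;
}

// Sanitize the editor output before it is written to disk.
function save_page(string $name, string $dirtyHtml): bool
{
    $path = page_path($name);
    if ($path === null) {
        return false;
    }
    $config = HTMLPurifier_Config::createDefault();
    // Allowlist of formatting markup (constructed; extend it to match the editor toolbar).
    // Elements and attributes not listed here, including <script>, are dropped.
    $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,h1,h2,h3,a[href],img[src|alt]');
    $purifier = new HTMLPurifier($config);
    $clean = $purifier->purify($dirtyHtml);
    return file_put_contents($path, $clean, LOCK_EX) !== false;
}

// Send the stored page as data; readfile() outputs the bytes and does not evaluate them as PHP.
function show_page(string $name): void
{
    $path = page_path($name);
    if ($path === null || !is_file($path)) {
        http_response_code(404);
        echo "Can't find the requested file.";
        return;
    }
    header('Content-Type: text/html; charset=utf-8');
    readfile($path);
}
```

The save handler would call save_page() with the posted file name and $_POST['data'], and the viewer would call show_page($_GET['file_name']).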
