Reputation: 693
I have a form where users can fill in comments in text boxes. Later I display the same fields on a page. While testing I tried inserting an HTML comment tag as a comment. When I displayed the page it got messed up due to the HTML comment tag. I am doing input validation but cannot block all symbols. Is there some security measure I have missed?
Even stackoverflow.com doesn't filter it. Try the HTML comment tag in any comment.
Upvotes: 0
Views: 478
Reputation: 12505
You can use htmlentities($string) or htmlspecialchars($string) to encode your output, so that it encodes your HTML tags instead of writing raw HTML to the page.
htmlspecialchars()
<?php
// ENT_QUOTES encodes both double and single quotes, so the value is safe
// inside single-quoted attributes as well as in element content.
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new; // &lt;a href=&#039;test&#039;&gt;Test&lt;/a&gt;
?>
htmlentities()
<?php
$str = "A 'quote' is <b>bold</b>";

// Without ENT_QUOTES the single quote is left alone (default flags before PHP 8.1).
// Outputs: A 'quote' is &lt;b&gt;bold&lt;/b&gt;
echo htmlentities($str);

// With ENT_QUOTES the single quote is encoded too.
// Outputs: A &#039;quote&#039; is &lt;b&gt;bold&lt;/b&gt;
echo htmlentities($str, ENT_QUOTES);

// Note: since PHP 8.1 the default flags are ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401,
// so the first call also encodes the single quote on current PHP versions.
?>
Upvotes: 3
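The answer's point applied to the questioner's situation, as an added example that is not part of the original answer: the comment text is encoded at the moment it is written into the HTML template, and the HTML comment tag from the question is one of the inputs. The function names, the template markup and the sample comments are assumptions made for this illustration.

```php
<?php
// Added example, not code from the original post. Encodes user comments at
// output time instead of trying to blocklist symbols on input.
declare(strict_types=1);

/**
 * Escape a string for an HTML element body or a quoted attribute value.
 * ENT_QUOTES covers both quote styles, ENT_SUBSTITUTE replaces invalid UTF-8
 * with U+FFFD instead of returning an empty string, and the charset is given
 * explicitly so the result does not depend on default_charset in php.ini.
 */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable: writes the stored comment into the page verbatim. */
function render_comment_raw(string $comment): string
{
    return '<li class="comment">' . $comment . "</li>\n";
}

/** Fixed: the same template, with the comment passed through h(). */
function render_comment_safe(string $comment): string
{
    return '<li class="comment">' . h($comment) . "</li>\n";
}

// Constructed sample comments (assumed inputs, not data from the page).
// The first is the HTML comment tag from the question: unencoded, it opens a
// comment that swallows every following list item until a "-->" appears.
$comments = [
    '<!-- this comment tag hides the rest of the list',
    '<script>alert(document.cookie)</script>',
    'plain text with \'single\' and "double" quotes & an ampersand',
];

echo "Raw (page breaks and script executes):\n";
foreach ($comments as $c) {
    echo render_comment_raw($c);
}

echo "\nEncoded (browser shows the text literally):\n";
foreach ($comments as $c) {
    echo render_comment_safe($c);
}
// The encoded list renders each comment as visible text, e.g.
// <li class="comment">&lt;!-- this comment tag hides the rest of the list</li>
// <li class="comment">&lt;script&gt;alert(document.cookie)&lt;/script&gt;</li>
```

Two caveats a practitioner will want: htmlspecialchars() is the right encoder for element content and for attribute values that are always quoted, but not for text placed inside a JavaScript string, a URL, or a CSS block, each of which needs its own context-specific encoding; and if the site wants to allow some markup in comments, the answer is an HTML sanitizer with an allow-list of tags and attributes, not a blocklist of symbols on input.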