Yalamber
Reputation: 7580
sanitizing html user inputs in php codeigniter
I have a user form where users can post comment on articles. i need to allow strong, em and span tags for user inputs. I know this can be achieved through strip_tags function but i also want the other tags not to stripped but be changed using say htmlspecialchars function so that tags can be seen in the page. I hope it made sense.
Upvotes: 0
Views: 1198
Answers (2)
Eric LaForce
Reputation: 2151
I think what you are looking for is the prep_for_form validation rule found here. Additionally you probably want to use xss_clean.
Upvotes: 0
Frank Farmer
Reputation: 39356
Strip tags isn't safe. It'd allow a tag like <strong onmouseover="alert('xss');">mouse over this lol</strong> through. Use HTMLPurifier
Upvotes: 2
Related Questions
- Best practice when sanitizing HTML form user input in PHP / CodeIgniter 4
- Sanitizing HTML input
- how sanitize input codeigniter 3?
- Codeigniter - best practice to sanitize input
- Sanitize user input if input has html
- Sanitize User Input via PHP
- Proper Form Input Sanitation
- Where to sanitize PHP $_POST[] input?
- PHP sanitisation for user input
- Sanitizing user input without converting to htmlentities