Reputation: 163
htmlentities displaying html safely
I have data that is coming in from a rss feed. I want to be safe and use htmlentities but then again if I use it if there is html code in there the page is full of code and content. I don't mind the formatting the rss offers and would be glad to use it as long as I can display it safely. I'm after the content of the feed but also want it to format decently too (if there is a break tag or paragraph or div) Anyone know a way?
Upvotes: 0
Views: 325
Answers (3)
Reputation: 93348
You can transform the HTML into mark down and then back up again using various libraries.
Upvotes: 0
Reputation: 382726
You can use the strip_tags tags function and specify the allowed tags in there:
echo strip_tags($content, '<p><a>');
This way any tag not specified in allowed tags will be removed.
Upvotes: 1
Reputation: 165201
Do you want to protect from XSS in the feed? If so, you'll need an HTML sanitizer to run on the HTML prior to displaying it:
If you just want to escape whatever is there, just call htmlspecialchars() on it. But any HTML will appear as escaped text...
Upvotes: 1
Related Questions
- htmlentities and é (e acute)
- Why does the htmlentities function not properly work?
- htmlentities and htmlspecialchars stops text from displaying
- How to properly use htmlentities() and deal with XSS while still allowing quotes
- htmlentities() double encoding entities in string
- PHP htmlentities
- Using htmlentities in a string
- PHP htmlentities
- PHP htmlentities() without converting html tags
- PHP Htmlentities - double encoded