Reputation: 721
I need to allow/disallow certain HTML tags on the JS side. I am developing a Laravel project where some input boxes need to accept certain HTML elements.
This can be done using a string replace function, but it will take much more time to maintain the list of disallowed items, like the following:
// Escapes every HTML special character, so no tag survives at all
// (the entities were garbled in the original paste and are restored here).
function escapeHtml(unsafe) {
  return unsafe
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#039;");
}
Again, the list of allowed HTML tags can also be small, so if I just want to allow a few tags, the unsafe list will be huge.
I can also do it on the server side, but I can't find any proper source for that.
It would be very helpful if someone could suggest the best way to maintain this allow/disallow HTML tag list.
Upvotes: 0
Views: 346
Reputation: 721
So finally what I decided on is using HTMLPurifier:
https://github.com/mewebstudio/purifier
So on the server side we can customize which page will allow which tags using this.
Upvotes: 0
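As an added illustration of the allow-list approach the question asks about and the package the answer above settles on (this is example code, not from the original thread or the purifier project's documentation), here is a `config/purifier.php` for mewebstudio/purifier. The package hands each named profile to HTMLPurifier, whose `HTML.Allowed` directive is an allow-list: anything not listed is removed rather than escaped, which is exactly what makes the "huge unsafe list" unnecessary. The profile names `comments` and `titles`, the tag lists, and the controller usage are my assumptions.

```php
<?php
// config/purifier.php (added example; profile names and tag lists are assumptions)

return [
    'encoding'         => 'UTF-8',
    'finalize'         => true,
    'ignoreNonStrings' => false,
    'cachePath'        => storage_path('app/purifier'),
    'cacheFileMode'    => 0755,

    'settings' => [
        // Profile used when clean() is called without a profile name.
        'default' => [
            'HTML.Doctype'             => 'HTML 4.01 Transitional',
            // Allow-list syntax is tag[attr|attr]; everything else is dropped.
            'HTML.Allowed'             => 'p,br,b,strong,i,em,u,ul,ol,li,a[href|title]',
            // Only http/https links survive; javascript: is simply not listed.
            'URI.AllowedSchemes'       => ['http' => true, 'https' => true],
            'AutoFormat.AutoParagraph' => true,
            'AutoFormat.RemoveEmpty'   => true,
        ],

        // Rich comment box: a few more tags, still no script, style or iframe.
        // Each named profile is loaded on its own (not merged with 'default'),
        // so repeat every directive the profile needs.
        'comments' => [
            'HTML.Allowed'       => 'p,br,b,strong,i,em,u,ul,ol,li,a[href|title],blockquote,code,pre,img[src|alt|width|height]',
            'URI.AllowedSchemes' => ['http' => true, 'https' => true],
        ],

        // Title field: no markup at all, so every tag is stripped and only text remains.
        'titles' => [
            'HTML.Allowed' => '',
        ],
    ],
];

// Usage in a controller (package helper; the input names are assumptions):
//   $body  = clean($request->input('body'), 'comments');
//   $title = clean($request->input('title'), 'titles');
```

The per-page choice the answer mentions is just the profile name passed as the second argument of `clean()`. Note that a `<script>` tag submitted to the `comments` box is removed outright, whereas the `escapeHtml` function in the question would have turned it into visible text along with every `<b>` the user actually wanted.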
Reputation: 2129
Never use client-side JS to escape anything. Adversaries can easily block the execution of your JS file and bypass it.
Server-side prepared statements are the industry standard for what you want.
Prepared statements treat user inputs as non-executable strings that have no effect on any queries you make using these inputs (i.e. SQL injections).
Upvotes: 1
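An added example, not from the original thread, showing concretely what the prepared statement described in the answer above does and does not do. It uses PDO with an in-memory SQLite database so it runs offline; the table name, the constructed input and the helper name `storeAndFetch` are my assumptions. The bound parameter keeps the quote and semicolon in the input from reaching the SQL grammar, but the stored string comes back byte for byte, `<script>` tag included: SQL injection and deciding which HTML tags to keep are two different problems, and a prepared statement only solves the first.

```php
<?php
// Added example (not from the original thread): PDO prepared statement
// versus HTML content. Runs offline against an in-memory SQLite database.

function storeAndFetch(PDO $pdo, string $userInput): string
{
    // Placeholder plus bound value: the input is data, never part of the SQL text.
    $insert = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $insert->execute([':body' => $userInput]);

    $id = (int) $pdo->lastInsertId();
    $select = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $select->execute([':id' => $id]);

    return (string) $select->fetchColumn();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed input: an SQL-injection attempt and an XSS payload in one string.
$userInput = "x'); DROP TABLE comments; --<script>alert(1)</script>";

$stored = storeAndFetch($pdo, $userInput);

// The table still exists (the execute above would have thrown otherwise) and
// the row holds the input unchanged: that is the prepared statement's whole job.
if ($stored !== $userInput) {
    throw new RuntimeException('prepared statement altered the stored value');
}

// What it did NOT do: the <script> tag survived the round-trip. Rendering
// $stored with {!! $stored !!} in a Blade view would execute it. Choosing which
// tags to keep is the allow-list problem from the question (HTMLPurifier's
// HTML.Allowed); escaping on output ({{ $stored }}) is the all-or-nothing option.
$hasMarkup = strip_tags($stored) !== $stored;
echo $hasMarkup ? "markup survived the database round-trip\n" : "no markup stored\n";
```

The practical split on the server side is therefore: prepared statements on every query, and either output escaping or an allow-list sanitizer at the point where user-supplied HTML is rendered, depending on whether that field is meant to carry markup at all.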