Webber Depor
Reputation: 198
Prevent all html tags except <img>
In order to prevent XSS attacks to my site i use PHP regex like
$regex = '/[<>]/';
$preg_replace= ($regex, '', $text);
With this codes i delete < and > charaters so problem is done. However now i want that user can add <img> tag into my site while other tags like <script>must still be forbidden.How can i do that?
Upvotes: 0
Views: 1182
Answers (1)
Tom
Reputation: 596
You can use this:
http://htmlpurifier.org/
If that is not what you search, you can do this:
http://php.net/manual/en/function.strip-tags.php
strip_stags($string, '<img>');
Upvotes: 3
Related Questions
- How can I prevent SQL injection in PHP?
- UTF-8 all the way through
- RegEx match open tags except XHTML self-contained tags
- How do you parse and process HTML/XML in PHP?
- How can I prevent XSS with HTML/PHP?
- Remove HTML tags from a String
- How do I remove all non alphanumeric characters from a string except dash?
- Regex to detect all characters outside of the <img> tag
- ReqEx expression for form validation