Dexty

Reputation: 1472

Tinymce and javascript - PHP Validation

I'm using TinyMCE on my blog writing, but there seems to be a problem when using htmlspecialchars with PHP. All my <p> tags etc. show up, and I want the styling of the P tag. Is there any way I can fix this? If I remove htmlspecialchars the site will be open for XSS etc., because of JavaScript.

Does anyone have a similar problem and know how I can fix this? Maybe remove some TinyMCE validation stuff or something?

Upvotes: 0

Views: 1178

Answers (2)

Haren Sarma

Reputation: 2553

I also use TinyMCE. I use nothing but the code below, which helps me.

// Tags that strip_tags() should leave in place
$allowedTags  = '<p><strong><em><u><h1><h2><h3><h4><h5><h6><img>';
$allowedTags .= '<li><ol><ul><span><div><br><ins><del>';
// Posted data from the TinyMCE text area
$new_msg = strip_tags(stripslashes($_POST['msg']), $allowedTags);

Try the above. This is safe from XSS or other attacks.

Upvotes: 2

meotimdihia

Reputation: 4299

If you allow users to use TinyMCE, then you must remove all style of HTML tags and script. Then save directly to the database; you don't need to use htmlspecialchars.

If only you can post, then you don't need to sanitize anything.

Upvotes: 1
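
An added example, not part of either answer: strip_tags() leaves every attribute on the tags it allows (style, onclick, onerror), so this sketch parses the editor output with DOMDocument and keeps only allowlisted tags and attributes. The names ALLOWED, DROPPED, sanitize_node and sanitize_html, the tag list and the http(s)-only rule for src are assumptions made for the example.

```php
<?php
// Added example; constant and function names are hypothetical.
const ALLOWED = [ // tag => attributes kept on that tag
    'p' => [], 'strong' => [], 'em' => [], 'u' => [], 'br' => [], 'ul' => [],
    'ol' => [], 'li' => [], 'h1' => [], 'h2' => [], 'img' => ['src', 'alt'],
];
const DROPPED = ['script', 'style', 'iframe', 'object', 'embed']; // removed with content
function sanitize_node(DOMNode $node): void
{
    // Snapshot the children: the tree is modified while it is walked.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMText) {
            continue; // text is escaped again by saveHTML()
        }
        $tag = strtolower($child->nodeName);
        if (!$child instanceof DOMElement || in_array($tag, DROPPED, true)) {
            $node->removeChild($child); // also drops comments and PIs
            continue;
        }
        sanitize_node($child); // clean descendants first
        if (!array_key_exists($tag, ALLOWED)) { // unknown tag: unwrap it
            while ($child->firstChild) {
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            $ok = in_array($name, ALLOWED[$tag], true) // src: http(s) only (assumption)
                && ($name !== 'src' || preg_match('#^https?://#i', $attr->value));
            if (!$ok) {
                $child->removeAttributeNode($attr);
            }
        }
    }
}

function sanitize_html(string $html): string
{
    libxml_use_internal_errors(true); // tolerate loose editor HTML
    $doc = new DOMDocument(); // XML prolog: read as UTF-8; <div>: force body content
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    $body = $doc->getElementsByTagName('body')->item(0);
    sanitize_node($body);
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes)));
}
// Constructed sample input; compare what each approach lets through.
$input = '<p onclick="x()">Hi</p><img src="https://example.com/a.png" onerror="x()">';
echo strip_tags($input, '<p><img>'), "\n", sanitize_html($input), "\n";
```

Run the sanitizer on input before storing it. For production use, a maintained sanitizer such as HTML Purifier covers parser differences between libxml and browsers that this sketch does not.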
