You do not need to sanitize anything before sending it to PHPMailer, except to check whether the entered email address is a valid email address or not.
Data is sanitized for two reasons: SQL injection and XSS or CSRF (cross-site scripting or cross-site request forgery). In either case, the user would see something as output based on their input.
However, it's good that you asked about sanitizing for mail classes, because, ideally, no one would ask for it. HTML tags? Of course you can send HTML tags! You can set the content type to text/html.
What does need sanitizing?
The attachment type! Whatever the exploit, the email client is always present in such applications. Allow only the following MIME types:
- image/jpeg
- image/pjpeg
- image/gif
- image/png
- application/msword
- application/vnd.ms-office
- application/vnd.openxmlformats-officedocument.wordprocessingml.document
- application/vnd.openxmlformats-officedocument.wordprocessingml.template
- application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- application/vnd.openxmlformats-officedocument.presentationml.presentation
- application/pdf
Checking the file extension is NOT recommended! The mail client can use functions such as get_file_contents(), which simply opens the file in the browser, and if JavaScript is embedded in a file with a JPEG extension, it will STILL execute! (In IE6/IE7 it did.) However, it is again the browsers' job to have a robust parsing mechanism (content sniffing).
Make sure you have a size limit.
Exploitation may or may not happen in the mail itself; the mail client has to take care of that. However, as the coder of a mail client, these are the two things you should take care of.
Hope that helps :)
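A worked version of the two checks the answer above asks for (attachment MIME allowlist by sniffing the bytes, plus a size cap) in front of a PHPMailer send. This is an added example, not code from the original answer or from the PHPMailer project; it assumes a Composer install of PHPMailer, and the 5 MiB limit and the form field names are made up.

```php
<?php
// Added example, not the original answer's code: sniff the attachment's
// MIME type and enforce a size limit before handing it to PHPMailer.
// Assumes a Composer install of PHPMailer; the limit and field names are made up.
require 'vendor/autoload.php';
use PHPMailer\PHPMailer\PHPMailer;

const ALLOWED_MIME = [
    'image/jpeg', 'image/pjpeg', 'image/gif', 'image/png',
    'application/msword', 'application/vnd.ms-office',
    'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
    'application/vnd.openxmlformats-officedocument.wordprocessingml.template',
    'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
    'application/vnd.openxmlformats-officedocument.presentationml.presentation',
    'application/pdf',
];
const MAX_ATTACHMENT_BYTES = 5 * 1024 * 1024; // assumed 5 MiB cap

/** Returns null if the upload is acceptable, otherwise the rejection reason. */
function checkAttachment(string $path): ?string
{
    if (!is_file($path)) {
        return 'not a regular file';
    }
    if (filesize($path) > MAX_ATTACHMENT_BYTES) {
        return 'attachment too large';
    }
    // Sniff the bytes; never trust the extension or $_FILES[...]['type'].
    $sniffed = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (!in_array($sniffed, ALLOWED_MIME, true)) {
        return "MIME type not allowed: $sniffed";
    }
    return null;
}
$to   = $_POST['to'] ?? '';
$file = $_FILES['attachment']['tmp_name'] ?? '';
if (!PHPMailer::validateAddress($to)) {
    exit('invalid recipient address');
}
if (($reason = checkAttachment($file)) !== null) {
    exit("rejected: $reason");
}

$mail = new PHPMailer(true);
$mail->addAddress($to);
$mail->isHTML(true); // HTML body is fine, no need to strip tags
$mail->Subject = 'Your file';
$mail->Body    = '<p>Attached as requested.</p>';
$mail->addAttachment($file, basename($_FILES['attachment']['name'] ?? 'file'));
$mail->send();
```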