I want to block XSS attacks, but I still want to allow HTML tags such as <b><u><i><img><a> and YouTube video players. I do not want to be open to XSS attacks. I am using PHP.
<b><u><i><img><a>
I recommend using htmlpurifier , it is the safest html filtering tool.
I suggest you also read an excellent analysis of sanistisation tools for PHP .
strip_tags($string, "<b> <u> <i> <img> <a>");
This will not stop anyone from using onmouseover, etc., though - you need to disable Javascript.
Source: https://habr.com/ru/post/1440387/More articles:How to use Microsoft C ++ distributors - c ++J2ME serialization - javahow to add image to my title in iText generated pdf? - javahttps://translate.googleusercontent.com/translate_c?depth=1&rurl=translate.google.com&sl=ru&sp=nmt4&tl=en&u=https://fooobar.com/questions/1440385/getting-access-to-sql-in-broadcastreceiver&usg=ALkJrhi-TDIcEOdF-NbbdefUUFZRYteOuwRemove XSS attacks while maintaining html? - phpWCF - "Request for security token cannot be satisfied because authentication failed" - c #Reduce height between components of Bootstrap form - csshttps://translate.googleusercontent.com/translate_c?depth=1&rurl=translate.google.com&sl=ru&sp=nmt4&tl=en&u=https://fooobar.com/questions/1440390/javascript-add-carriage-returns-to-string-for-readability&usg=ALkJrhhcS-SCnG35iNW9bELOGHQ5NploIQError message: Security token request could not be satisfied because authentication failed - c #Is it possible to cut off child processes and wait for them to return to Node / JS? - javascriptAll Articles