How to remove malicious HTML (XXS, etc.) from content materials?

Question

How to remove malicious HTML (XXS, etc.) from content materials?

I have a content presentation form that contains several input fields, all of which are sent directly to the database when sending. When this content is requested, it is printed.

I realized that this is a security issue.

How can I crop only malicious HTML (XSS) while retaining formatting tags ( b, ietc.)?

+3

javascript html webforms website

liamzebedee Jan 22 '11 at 6:54

source share

6 answers

htmlspecialchars , (, <b> <b>).

+1

thejh 22 . '11 8:10

mysql_stripslashes(), htmlspecialchars() urldecode(), , , int typecast.

0

atx 22 . '11 7:01

, "" html- - , <strong> <em>. , , , .

0

Kshitij Saxena -KJ- 22 . '11 7:02

, ...

PHP , :

htmlspecialchars

0

sTodorov 22 . '11 7:02

.

, : , javascript, - , javascript ,

, html

-, , . , <, > & <, > & .

, , , textarea

, html, .

, , , db.

, , , , , ,

Separate the characters <and >before exiting or storing - this is not a good solution, in my opinion, since this is an unnecessary change to user input, but some people prefer it.

0

Martin jespersen Jan 22 '11 at 8:05

source share

Yzmir Ramirez · Accepted Answer · 2011-01-23T05:00:30+0000

@pst ... . , , , HTML Tidy ( Source Forge), , DOMDocument:: loadHTML .

HTML Tidy , . . (. BLOB , - , -).

.

How to remove malicious HTML (XXS, etc.) from content materials?

More articles: