CodeIgniter Forums

Full Version: How to remove html String in XSS filtering?
Hi,

I need to remove HTML tags when using XSS filtering:

$value = "<p>test@gmail.com</p>";

$val = $this->security->xss_clean($value);

But it has not removed the HTML tags. Why?
Use strip_tags to remove HTML tags in CodeIgniter.
Hello,
That is not the intent of the xss_clean() method. It is more geared for JavaScript.

As the CodeIgniter Security Class mentions, use the html_escape() function for escaping HTML.

The PHP function strip_tags() will remove HTML tags, not convert them. Alternatives for converting HTML entities to special characters are the PHP functions htmlspecialchars() and htmlentities().
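The difference between removing tags and escaping them, shown on the value from the question (an added example, not part of the original posts). It uses plain PHP functions so it runs outside the framework; the helper names clean_email() and e() and the second and third sample strings are assumptions made for illustration.

```php
<?php
// Constructed sample inputs; the first is the value from the question.
$samples = [
    '<p>test@gmail.com</p>',
    '<b>not an email</b>',
    'Tom "T" <tom@example.com>',  // address written in angle brackets
];

/**
 * Hypothetical helper: reduce submitted markup to plain text and accept it
 * only if what remains is a syntactically valid e-mail address.
 * strip_tags() removes anything shaped like <...>, so an address written
 * in angle brackets is deleted along with real tags and ends up rejected.
 */
function clean_email(string $raw): ?string
{
    $text  = trim(strip_tags($raw));
    $email = filter_var($text, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/**
 * Hypothetical helper: output encoding for an HTML context.
 * Nothing is removed; <, >, &, " and ' become entities so the browser
 * displays them as text. Inside CodeIgniter, html_escape() serves this role.
 */
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Print each input next to its stripped form, its escaped form, and the
// result of strip-then-validate, escaped again at the point of output.
foreach ($samples as $raw) {
    $email = clean_email($raw);
    printf("raw:      %s\n", $raw);
    printf("stripped: %s\n", strip_tags($raw));
    printf("escaped:  %s\n", e($raw));
    printf("accepted: %s\n\n", $email === null ? '(rejected)' : e($email));
}
```

Stripping and validating decide what gets stored; escaping is still applied every time the value is written into a page.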
(05-13-2019, 03:29 PM) Mr Lister wrote:
Hello,
That is not the intent of the xss_clean() method. It is more geared for JavaScript.

As the CodeIgniter Security Class mentions, use the html_escape() function for escaping HTML.

The PHP function strip_tags() will remove HTML tags, not convert them. Alternatives for converting HTML entities to special characters are the PHP functions htmlspecialchars() and htmlentities().

Thank you so much, Lister. Thanks for your help.