CodeIgniter Forums
How to remove html String in XSS filtering? - Printable Version



How to remove html String in XSS filtering? - Geetha - 05-13-2019

Hi,

I need to remove HTML tags when using XSS filtering,

$value = "<p>[email protected]</p>";

$val = $this->security->xss_clean($value);

But it has not removed the HTML tags. Why? Use strip_tags to remove HTML tags in CodeIgniter.


RE: How to remove html String in XSS filtering? - Mr Lister - 05-13-2019

Hello,
That is not the intent of the xss_clean() method. It is more geared for JavaScript.

As the CodeIgniter Security Class mentions, use the html_escape() function for escaping HTML.

The PHP function strip_tags() will remove HTML tags, not convert them. Alternatives for converting HTML entities to special characters are the PHP functions htmlspecialchars() and htmlentities().
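
The difference between removing tags with strip_tags() and encoding them with htmlspecialchars() (which CodeIgniter's html_escape() wraps), as an added example that is not part of the original thread. It uses plain PHP so it runs without the framework; the helper names to_plain_text() and escape_html() and all sample values are assumptions made up for illustration.

```php
<?php
// Added example, not from the thread. Plain PHP; all sample inputs are constructed.

/** For fields that must hold plain text: drop every tag. */
function to_plain_text(string $input): string
{
    // strip_tags() does not validate HTML, so text that merely looks like
    // a tag can be removed along with real markup.
    return trim(strip_tags($input));
}

/** For output into an HTML body or a quoted attribute: encode, do not remove. */
function escape_html(string $input): string
{
    // Converts & < > " ' to entities; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$samples = [
    'wrapped address' => '<p>user@example.com</p>',
    'inline markup'   => '<b>bold</b> & <i>italic</i>',
    'looks like tags' => 'a<b and c>d',
    'no tags at all'  => 'Tom "T" O\'Neil',
];

foreach ($samples as $label => $raw) {
    $plain = to_plain_text($raw);
    printf(
        "%s\n  raw      : %s\n  stripped : %s\n  escaped  : %s\n  both     : %s\n\n",
        $label,
        $raw,
        $plain,                // tags gone, but quotes and & are untouched
        escape_html($raw),     // tags kept as visible text, nothing removed
        escape_html($plain)    // strip on input, escape again at output
    );
}
```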


RE: How to remove html String in XSS filtering? - Geetha - 05-13-2019

(05-13-2019, 03:29 PM)Mr Lister Wrote: Hello,
That is not the intent of the xss_clean() method. It is more geared for JavaScript.

As the CodeIgniter Security Class mentions, use the html_escape() function for escaping HTML.

The PHP function strip_tags() will remove HTML tags, not convert them. Alternatives for converting HTML entities to special characters are the PHP functions htmlspecialchars() and htmlentities().

Thank you so much, Lister. Thanks for your help.