How to remove html String in XSS filtering?
#1

Hi,

I need to remove HTML tags when using XSS filtering,

$value = "<p>[email protected]</p>";

$val = $this->security->xss_clean($value);

But it has not removed the HTML tags, why?? Use strip_tags to remove HTML tags in CodeIgniter.
Geetha
#2

Hello,
That is not the intent of the xss_clean() method. It is more geared for JavaScript.

As the CodeIgniter Security Class mentions, use the html_escape() function for escaping HTML.

The PHP function strip_tags() will remove HTML tags, not convert them. Alternatives for converting HTML entities to special characters are the PHP functions htmlspecialchars() and htmlentities().
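An added example, not part of any post in this thread: a standalone PHP script showing the difference post #2 describes between removing tags with strip_tags() and escaping them with htmlspecialchars(). The helper names and sample strings are assumptions made for illustration; CodeIgniter 3's html_escape() wraps htmlspecialchars() with ENT_QUOTES, so plain PHP is used here to run without the framework.

```php
<?php
// Constructed sample values. The address is a placeholder, not the one
// from the original post.
$samples = [
    '<p>user@example.test</p>',
    'Tom "T" <b>O\'Neil</b> & Co',
];

// Hypothetical helper: reduce input to plain text for a field that must
// never hold markup. strip_tags() drops the tags and keeps the text
// between them; quotes and ampersands pass through unchanged.
function plain_text(string $input): string
{
    return trim(strip_tags($input));
}

// Hypothetical helper: encode a value at the point where it is written
// into an HTML page. ENT_QUOTES also encodes single quotes, which matters
// when the value lands inside an attribute.
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

foreach ($samples as $raw) {
    $stripped = plain_text($raw);
    printf("raw:               %s\n", $raw);
    printf("tags removed:      %s\n", $stripped);
    printf("tags escaped:      %s\n", escape_html($raw));
    // Stripping is an input rule; escaping is still needed on output,
    // because the stripped text can contain quotes and ampersands.
    printf("removed + escaped: %s\n\n", escape_html($stripped));
}
```

Run it with `php` on the command line and compare the four lines per sample: only the escaped forms are safe to echo into a page, while strip_tags() alone changes what is stored, not how it is rendered.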
#3

(05-13-2019, 03:29 PM)Mr Lister Wrote: Hello,
That is not the intent of the xss_clean() method. It is more geared for JavaScript.

As the CodeIgniter Security Class mentions, use the html_escape() function for escaping HTML.

The PHP function strip_tags() will remove HTML tags, not convert them. Alternatives for converting HTML entities to special characters are the PHP functions htmlspecialchars() and htmlentities().

Thank you so much, Lister. Thanks for your help.
Geetha