WYSIWYG HTML Editor and Security

#4
Thanks for your reply @PaulD. This indeed is a touchy subject, and has been for me for many years, on the best outcome. I think a limitation on tags allowed, bundled with XSS, is the best possible way to approach this.

I believe this may be the best way:

1) Use HTML Purifier
2) Limit the number of tags your user may use within HTML Purifier, e.g. headings, strong, paragraph, ul/li
3) Use XSS protection provided by CodeIgniter
4) Do not use strip_tags() unless you plan to strip all tags (https://www.reddit.com/r/PHP/comments/nj...trip_tags/)

If anybody can add to this please let me know.
Reply
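The tag allowlist from steps 1, 2 and 4 of the post above, as an added example that is not part of the original thread. It assumes HTML Purifier is installed through Composer (`ezyang/htmlpurifier`); the function names and the submitted HTML are constructed for illustration, and the CodeIgniter step is not shown.

```php
<?php
// Added example. Assumption: HTML Purifier installed via Composer.
require __DIR__ . '/vendor/autoload.php';

/**
 * Build a purifier restricted to the tags named in the post
 * (headings, strong, paragraph, ul/li). Hypothetical helper name.
 */
function build_editor_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Allowlist of elements only. No attributes are listed, so
    // event handlers, style and href are all dropped.
    $config->set('HTML.Allowed', 'h1,h2,h3,h4,p,strong,ul,li');
    // Disable the definition cache so this demo needs no writable directory.
    $config->set('Cache.DefinitionImpl', null);
    return new HTMLPurifier($config);
}

/**
 * Sanitize HTML submitted from the WYSIWYG editor before storing it.
 * Hypothetical helper name.
 */
function sanitize_editor_html(string $dirty): string
{
    static $purifier = null;
    if ($purifier === null) {
        $purifier = build_editor_purifier();
    }
    return $purifier->purify($dirty);
}

// Constructed sample of what an editor form could submit.
$submitted = '<h2 onclick="alert(1)">Title</h2>'
    . '<p style="position:fixed">Hello <strong>world</strong></p>'
    . '<script>alert(2)</script>'
    . '<ul><li><a href="javascript:alert(3)">item</a></li></ul>';

// strip_tags() with an allowed-tags argument removes other tags but
// leaves every attribute on the allowed ones untouched.
$viaStripTags = strip_tags($submitted, '<h2><p><strong><ul><li>');

// HTML Purifier parses the markup and re-emits only allowlisted elements.
$viaPurifier = sanitize_editor_html($submitted);

echo "strip_tags:    ", $viaStripTags, PHP_EOL;
echo "HTML Purifier: ", $viaPurifier, PHP_EOL;
```

Comparing the two printed lines shows why the post limits `strip_tags()` to the strip-everything case: the attributes on the allowed tags survive it, while the purifier output contains only the bare allowlisted elements.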


Messages In This Thread
WYSIWYG HTML Editor and Security - by whatsmyname - 10-22-2019, 03:49 PM
RE: WYSIWYG HTML Editor and Security - by PaulD - 10-23-2019, 12:54 AM
RE: WYSIWYG HTML Editor and Security - by whatsmyname - 10-23-2019, 05:33 AM
