[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser

[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser

El Forum
Guest

06-17-2009, 11:46 PM

[eluser]bobbob[/eluser]
So I solved this myself I think.
It has not been widely tested but seems to make sense.

Code:
&lt;?php

 $body = stripslashes($body);

  $body = str_replace('&lt;!--','&lt;!--',$body);

  $body = str_replace('--&gt;','--&gt;',$body);

  echo $body;

?&gt;

That would be & l t ; ! - - and - - & g t ; without the spaces as that function is being done on my post too!

Messages In This Thread

[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - by El Forum - 06-17-2009, 10:43 PM

[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - by El Forum - 06-17-2009, 10:58 PM

[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - by El Forum - 06-17-2009, 11:17 PM

[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - by El Forum - 06-17-2009, 11:31 PM

[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - by El Forum - 06-17-2009, 11:33 PM

[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - by El Forum - 06-17-2009, 11:46 PM