WYSIWYG HTML Editor and Security
#4

Thanks for your reply @PaulD. This indeed is a touchy subject and has been for myself for many years on the best outcome. I think a limitation on tags allowed bundled with XSS is the best possible way to approach this.

I believe this may be the best way:

1) Use HTML Purifier
2) Limit the number of tags your user may use within HTML Purifier, e.g. headings, strong, paragraph, ul/li
3) Use XSS protection provided by CodeIgniter
4) Do not use strip_tags() unless you plan to strip all tags (https://www.reddit.com/r/PHP/comments/nj...trip_tags/)

If anybody can add to this please let me know.
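Steps 1, 2 and 4 of the list in the post above, as an added example that is not part of the original post or of the HTML Purifier project: it purifies editor output down to a tag allowlist and runs `strip_tags()` with the same allowlist on the same input for comparison. It assumes HTML Purifier is installed through Composer (`ezyang/htmlpurifier`); the helper name `sanitize_editor_html`, the exact tag list and the sample input are constructed for illustration.

```php
<?php
// Added example, not from the thread. Assumes HTML Purifier was installed
// with Composer (package ezyang/htmlpurifier) next to this script.
require_once __DIR__ . '/vendor/autoload.php';

/**
 * Hypothetical helper: purify WYSIWYG output down to a small tag allowlist.
 */
function sanitize_editor_html(string $dirty): string
{
    static $purifier = null;
    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();
        // Only these elements survive. No attributes are listed,
        // so style, on* handlers, href, etc. are all dropped.
        $config->set('HTML.Allowed', 'h2,h3,p,strong,ul,li');
        // Remove elements that end up empty after filtering.
        $config->set('AutoFormat.RemoveEmpty', true);
        // Definition cache location (assumption: adjust for your deployment).
        $config->set('Cache.SerializerPath', sys_get_temp_dir());
        $purifier = new HTMLPurifier($config);
    }
    return $purifier->purify($dirty);
}

// Constructed sample input, as a WYSIWYG editor might submit it.
$dirty = '<h2 style="position:fixed">Title</h2>'
       . '<p onmouseover="alert(1)">Hello <strong>world</strong></p>'
       . '<ul><li>one</li></ul><script>alert(2)</script>';

// strip_tags() with an allowlist removes the other tags, but it does not
// touch the attributes of the tags it keeps (documented PHP behaviour),
// which is why step 4 says to use it only for stripping everything.
$stripped = strip_tags($dirty, '<h2><p><strong><ul><li>');

$purified = sanitize_editor_html($dirty);

// Escape both results so the comparison is safe to view in a browser.
echo 'strip_tags:    ', htmlspecialchars($stripped, ENT_QUOTES, 'UTF-8'), PHP_EOL;
echo 'HTML Purifier: ', htmlspecialchars($purified, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

Purify on input before storing, and keep the allowlist in one place so the editor toolbar and the server-side filter cannot drift apart.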


Messages In This Thread
WYSIWYG HTML Editor and Security - by whatsmyname - 10-22-2019, 03:49 PM
RE: WYSIWYG HTML Editor and Security - by PaulD - 10-23-2019, 12:54 AM
RE: WYSIWYG HTML Editor and Security - by whatsmyname - 10-23-2019, 05:33 AM


