How to remove html String in XSS filtering?

#1
Hi,

I need to remove HTML tags when using XSS filtering:

$value = "<p>test@gmail.com</p>";

$val = $this->security->xss_clean($value);

But it did not remove the HTML tags. Why? Use strip_tags to remove HTML tags in CodeIgniter.
Geetha
Reply

#2
Hello,
That is not the intent of the xss_clean() method. It is more geared for JavaScript.

As the CodeIgniter Security Class mentions, use the html_escape() function for escaping HTML.

The PHP function strip_tags() will remove HTML tags, not convert them. Alternatives for converting HTML entities to special characters are the PHP functions htmlspecialchars() and htmlentities().
Reply
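
An added example, not part of the original thread: the value from the question run through strip_tags() and htmlspecialchars() (the PHP function that CodeIgniter's html_escape() helper wraps), plus one constructed input with quotes and an ampersand to show that stripping tags does not replace escaping at output time. The helper names to_plain_text and escape_for_html are hypothetical.

```php
<?php
// Added example (plain PHP, no framework). Helper names are hypothetical.

// Reduce input to plain text by removing tags. Quotes and ampersands
// pass through unchanged, so the result is not yet safe to echo into HTML.
function to_plain_text(string $value): string
{
    return trim(strip_tags($value));
}

// Convert & < > " ' to entities so the browser shows the value as text
// in an element body or a quoted attribute. Nothing is removed.
function escape_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$samples = [
    '<p>test@gmail.com</p>',                 // value from the question
    '<b>Geetha</b> said "hi" & left <br/>',  // constructed: quotes and &
];

foreach ($samples as $raw) {
    $plain = to_plain_text($raw);
    printf("raw:               %s\n", $raw);
    printf("strip_tags:        %s\n", $plain);
    printf("escape only:       %s\n", escape_for_html($raw));
    // Typical pipeline: strip at input time if markup is unwanted,
    // and always escape at output time.
    printf("strip then escape: %s\n\n", escape_for_html($plain));
}
```

Run it from the command line so the entities stay visible; a browser would render them back into the original characters.
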

#3
(05-13-2019, 03:29 PM)Mr Lister Wrote: Hello,
That is not the intent of the xss_clean() method. It is more geared for JavaScript.

As the CodeIgniter Security Class mentions, use the html_escape() function for escaping HTML.

The PHP function strip_tags() will remove HTML tags, not convert them. Alternatives for converting HTML entities to special characters are the PHP functions htmlspecialchars() and htmlentities().

Thank you so much, Lister. Thanks for your help.
Geetha
Reply

