Best Practice: User generated HTML cleaning
Posted by Martin on Stack Overflow
Published on 2010-05-05T14:26:22Z
I'm coding a WYSIWYG editor with designMode="on" on an iframe. The editor works fine and I store the code as is in the database.
Before outputting the HTML I need to "clean" it with PHP on the server side to avoid cross-site scripting and other scary things. Is there some sort of best practice on how to do this? What tags can be dangerous?
UPDATE: Typo fixed, it's What You See Is What You Get. Nothing new :)
© Stack Overflow or respective owner
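
One way to do the server-side cleaning the question asks about is an allow-list: parse the stored markup and keep only known-safe tags and attributes, instead of hunting for dangerous ones. This is an added example, not part of the original post; the function names, the tag policy and the sample input are assumptions made for illustration.

```php
<?php
// Added example (not from the post). Assumed policy: tag => attributes that may stay.
const ALLOWED_TAGS = [
    'p' => [], 'br' => [], 'b' => [], 'strong' => [], 'i' => [], 'em' => [], 'u' => [],
    'ul' => [], 'ol' => [], 'li' => [], 'blockquote' => [], 'a' => ['href'],
];
// Elements dropped together with their content instead of being unwrapped.
const DROP_WHOLE = ['script', 'style', 'iframe', 'object', 'embed', 'form'];

function clean_node(DOMNode $parent): void
{
    foreach (iterator_to_array($parent->childNodes) as $node) {
        if ($node->nodeType === XML_TEXT_NODE) {
            continue;                              // plain text is escaped on output
        }
        $tag = strtolower($node->nodeName);
        // Comments, CDATA and processing instructions go, as do DROP_WHOLE elements.
        if (!$node instanceof DOMElement || in_array($tag, DROP_WHOLE, true)) {
            $parent->removeChild($node);
            continue;
        }
        clean_node($node);                         // clean descendants first
        if (!isset(ALLOWED_TAGS[$tag])) {          // unknown tag: keep its cleaned children
            while ($node->firstChild) {
                $parent->insertBefore($node->firstChild, $node);
            }
            $parent->removeChild($node);
            continue;
        }
        foreach (iterator_to_array($node->attributes) as $attr) {
            $ok = in_array(strtolower($attr->name), ALLOWED_TAGS[$tag], true);
            if ($ok && strtolower($attr->name) === 'href') {   // URL schemes are allow-listed too
                $ok = preg_match('#^(https?://|mailto:)#i', trim($attr->value)) === 1;
            }
            if (!$ok) {
                $node->removeAttributeNode($attr); // removes on*, style, javascript: links
            }
        }
    }
}

function clean_html(string $dirty): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);      // editor markup is rarely valid HTML
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $dirty . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $root = $doc->getElementsByTagName('div')->item(0);   // our wrapper is the first div
    clean_node($root);
    $out = '';
    foreach ($root->childNodes as $child) { $out .= $doc->saveHTML($child); }
    return $out;
}

// Constructed sample input, not taken from the post.
echo clean_html('<p onclick="x()">Hi <b>there</b><script>alert(1)</script> '
    . '<a href="javascript:alert(1)">a</a> <a href="https://example.com/">b</a></p>'), "\n";
```

Relative links are rejected by the `href` check, so widen the pattern if the editor needs them. The same allow-list approach is what maintained PHP sanitizers such as HTML Purifier implement.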