tags:

views:

70

answers:

2
Q: 

sanitizing html user inputs in php codeigniter

I have a user form where users can post comment on articles. i need to allow strong, em and span tags for user inputs. I know this can be achieved through strip_tags function but i also want the other tags not to stripped but be changed using say htmlspecialchars function so that tags can be seen in the page. I hope it made sense.

+1  A: 

Strip tags isn't safe. It'd allow a tag like <strong onmouseover="alert('xss');">mouse over this lol</strong> through. Use HTMLPurifier

Frank Farmer  2010-05-05 16:48:51
A: 

I think what you are looking for is the prep_for_form validation rule found here. Additionally you probably want to use xss_clean.

Eric LaForce  2010-05-05 16:55:25

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?