0

I have a user form where users can post comments on articles. I need to allow `strong`, `em` and `span` tags in user input. I know this can be achieved through the `strip_tags` function, but I also want the other tags not to be stripped but to be changed using, say, the `htmlspecialchars` function so that the tags can be seen in the page. I hope that made sense.

2 Answers

2

Strip tags isn't safe. It'd allow a tag like `<strong onmouseover="alert('xss');">mouse over this lol</strong>` through. Use HTMLPurifier.
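An added example, not part of the original question or answers and not HTMLPurifier's code: one way to get the behaviour the question asks for is to escape the whole comment first and then re-enable only bare, attribute-less allowlisted tags. The names `render_comment` and `ALLOWED_TAGS` and the sample inputs are assumptions made for illustration; attributes (for example a `class` on `span`) are deliberately unsupported here and need a full sanitizer.

```php
<?php
// Added example: allowlist of attribute-less tags; everything else stays escaped.
const ALLOWED_TAGS = ['strong', 'em', 'span']; // hypothetical name, tags from the question

function render_comment(string $raw): string
{
    // 1. Escape everything, so no user-supplied markup is live at this point.
    $escaped = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Re-enable only exact "<tag>" / "</tag>" forms. A tag carrying any
    //    attribute (such as an event handler) does not match and stays escaped.
    $open = [];
    $pattern = '~&lt;(/?)(' . implode('|', ALLOWED_TAGS) . ')&gt;~i';
    $html = preg_replace_callback($pattern, function (array $m) use (&$open) {
        $tag = strtolower($m[2]);
        if ($m[1] === '') {              // opening tag
            $open[] = $tag;
            return "<$tag>";
        }
        // Closing tag: accept it only if it closes the innermost open tag.
        if ($open && end($open) === $tag) {
            array_pop($open);
            return "</$tag>";
        }
        return $m[0];                    // stray closer stays visible as text
    }, $escaped);

    // 3. Close anything left open so one comment cannot restyle the rest of the page.
    while ($open) {
        $html .= '</' . array_pop($open) . '>';
    }
    return $html;
}

// Constructed sample inputs; the second is the tag quoted in the answer above.
$samples = [
    'I <strong>really</strong> like <em>this</em> article',
    '<strong onmouseover="alert(\'xss\');">mouse over this lol</strong>',
    'A <b>disallowed</b> tag and an <em>unclosed one',
];
foreach ($samples as $s) {
    echo render_comment($s), PHP_EOL;
}
```

With the second sample, the opening tag keeps its attribute only as visible escaped text, and the now-unmatched `</strong>` is also shown as text rather than emitted as markup.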


0

I think what you are looking for is the `prep_for_form` validation rule found here. Additionally you probably want to use `xss_clean`.
