php - prevent xss but allow all html tags

Question

Welcome To Ask or Share your Answers For Others

php - prevent xss but allow all html tags

posted Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

php - prevent xss but allow all html tags

I am building a blog and currently im finishing the admin panel.

Since i will be mostly who will be managing it... i want to make sure that when i type

<ul>
   <li>test</li>
   <li>test</li>
</ul>

will show me the unordered list but also prevent XSS tags just in case...

how could i do that?

could a solution be creating functions and replace the tags of ul, ol, img etc...?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-23T18:25:58+0000

What you are looking for is an HTML sanitizer. These are very hard to write correctly, so you should look at an existing library. For PHP, have a look at HTML Purifier.

Proper XSS protection involves more than html sanitizing. The Open Web Application Security Project (OWASP) has put together a canonical guide to avoiding XSS attacks:

XSS (Cross Site Scripting) Prevention Cheat Sheet

Categories

php - prevent xss but allow all html tags

php - prevent xss but allow all html tags

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags