Menu
I am using Rich Text Editor for accepting input data which has HTML content from client side.
On the server side, I am using PHP based server and sanitize the incoming data.
Is there a builtin PHP functionality, which retains the HTML code and removes the presence of Javascript for XSS + SQL injection codes.
367
As far as I know, there is no existence of such a built in functionality.
The sanitize filters from http://php.net/manual/en/filter.filters.sanitize.php doesn't look to cover your request. You may take a look at http://php.net/manual/en/book.filter.php, but no filter is there set to filter HTML.
I know you don't ask for an external library, but this is the one I think that may help you with the issue you're facing: http://htmlpurifier.org/
199
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
