Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Safe way to escape iframe srcdoc value in PHP?

Tags:

html

php

escaping

iframe

Which PHP function is suited to escape HTML for usage in <iframe srcdoc="???">?

I found two candidates: htmlspecialchars() and htmlentities(). Which one should be used to allow any possible HTML code to be escaped properly?

like image 851
Silicomancer Avatar asked Dec 14 '25 01:12

Silicomancer

1 Answers

htmlspecialchars() does everything you need it too. htmlentities() is for special use cases, like Chinese characters, where you may want to escape them, even though it is not 100% required. htmlspecialchars() seems to be sufficient to protect you from any type of XSS.

like image 88
Bardi Harborow Avatar answered Dec 16 '25 19:12

Bardi Harborow
Sign in to Comment

Related questions

Laravel: Custom login redirects to /home instead of a /welcome page
MySQL for selecting MAXIMUM differences of two columns
PHP - spl_autoload_register Not Working with `namespace` and `use`
File for preset 'slower' not found in ffmpeg with linux
How to parse a file with a multiple JSONs in PHP(Laravel)?
CodeIgniter &get_instance() not working in php5.6 version?
How can I verify firebase token server side?
PHP cannot insert data
Session expires automatically after some amount of time in php
Using AppUI in Function
How can I enable moodle?
PHP and Elasticsearch include score/relevance in returned object
Laravel get rows with specific day and month
jQuery toggle function stops working after AJAX HTML data load
How to create routes with unlimited sub-pages in Laravel?
full calendar ajax looping when submitting form

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!