0

How to check if the string contains any tags <>. I need to sanitize my string from xss attacks or attacks like that. I am looking for a function which can santize my string in javascript and php.

This is what I have for java script , please let me know if this is correct ?

function parseThisString(strcode) { 
    var scripts = new Array();         
    while(strcode.indexOf("<") > -1 || strcode.indexOf("</") > -1) { 
        var s = strcode.indexOf("<");
        var s_e = strcode.indexOf(">", s);
        var e = strcode.indexOf("</", s);
        var e_e = strcode.indexOf(">", e);
        scripts.push(strcode.substring(s_e+1, e)); 
        strcode = strcode.substring(0, s) + strcode.substring(e_e+1); 
    }
    if (scripts.length >  0) { return 1; } else { return 0; }
}

Can you guys show me any solid string sanitizing function in php ? I found this answer but I didt know how to transilate this function to a single return with 0 or 1 (yes or no) . What is the correct way to detect whether string inputs contain HTML or not?

Please help me here . Thanks.

Community
  • 1
  • 1
user1846348
  • 241
  • 1
  • 10
  • 22
  • By sanitising, do you want to make the HTML "safe" so that you can output it onto the page, do you want to remove all HTML tags, or do you want a binary "yes/no" for whether a string contains HTML tags? – thatdamnqa Jan 25 '14 at 18:54
  • yes , HTML "safe", so that I can output links and all. – user1846348 Jan 26 '14 at 03:36

1 Answers1

3

You can escape any html tags using htmlspecialchars().

$string = htmlspecialchar($old_string);

You can remove all html tags from string using strip_tags().

$string = strip_tags($old_string);

But if you wanna know if there's html tags in the string, you can use this function, combinated with strip_tags().

function hasHTML($string) {
    if ($string != strip_tags($string))
        return true;
    else 
        return false;
}
aksu
  • 5,221
  • 5
  • 24
  • 39