I want to block XSS attacks but I still want to allow HTML tags like <b><u><i><img><a>
and YouTube video players. I don't want to be open to XSS attacks, though. I am using PHP.
2 Answers
3
I recommend using HTML Purifier; it is the most secure tool to filter HTML.
I also suggest you read this great analysis of HTML sanitisation tools for PHP.

Nicolò Martini
1
strip_tags($string, "<b> <u> <i> <img> <a>");
This will not prevent someone from using onmouseover etc. though - you have to strip out JavaScript.

Thomas O
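The two answers above side by side, as an added example that is not code from either poster: `strip_tags()` with the question's tag list leaves event-handler attributes and `javascript:` URLs on the allowed tags, while HTML Purifier is configured here with an element and attribute allowlist plus a YouTube-only iframe rule. It assumes HTML Purifier is installed through Composer (`ezyang/htmlpurifier`); the sample input, the `buildPurifier()` helper, the exact allowlist and the iframe pattern are constructed for illustration.

```php
<?php
// Added example; assumes HTML Purifier is installed via Composer (ezyang/htmlpurifier).
require __DIR__ . '/vendor/autoload.php';

// Constructed sample input: allowed tags carrying script-bearing attributes and URLs,
// one YouTube embed (VIDEO_ID is a placeholder) and one iframe from another host.
$input = '<b onmouseover="alert(1)">bold</b> '
       . '<a href="javascript:alert(1)">link</a> '
       . '<img src="x.png" onerror="alert(1)"> '
       . '<iframe src="https://www.youtube.com/embed/VIDEO_ID" width="560" height="315"></iframe> '
       . '<iframe src="https://example.invalid/frame"></iframe>';

// strip_tags() filters on tag names only; attributes on allowed tags pass through unchanged.
$stripped = strip_tags($input, '<b><u><i><img><a>');

// Hypothetical helper: builds a purifier for the tag set named in the question.
function buildPurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Allowlist of elements and, per element, the only attributes that may remain.
    $config->set('HTML.Allowed', 'b,u,i,a[href],img[src|alt],iframe[src|width|height]');
    // Restrict link and image URLs to these schemes (drops javascript:, data:, ...).
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    // Permit iframes only when their src matches the YouTube embed pattern.
    $config->set('HTML.SafeIframe', true);
    $config->set('URI.SafeIframeRegexp', '%^https://www\.youtube(-nocookie)?\.com/embed/%');
    return new HTMLPurifier($config);
}

$clean = buildPurifier()->purify($input);

// Print both results so the difference in surviving attributes is visible.
echo "strip_tags:    ", $stripped, PHP_EOL;
echo "HTML Purifier: ", $clean, PHP_EOL;
```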