Remove javascript from user input but still allow html with PHP?
I want to allow users to write html into a form field but exclude javascript. Is there simple code or a library that will do this?
I've looked into using HTML Purifer but I'm not quite sure how to configure it to run in the way I am looking for. I think I would have to specify all the tags that I am allowing into HTML.allowed. I could come up with an exhaustive list, I guess, but if there is an easier way, I'd rather 开发者_开发知识库do that.
strip_tags()
takes a second argument $allowable_tags
so no need for external libraries or classes but yes, you will have to allow any tags you want to allow. Honestly, there are not so many tags. You may also want to disallow <style>
http://php.net/manual/fr/function.strip-tags.php
精彩评论