Monday 12 August 2019

php - Sanitize POST content with HTML contents



I want to send HTML content by POST.

But when fetching it and sanitizing it it also cleans the HTML characters.



$Code = filter_var_array($value, FILTER_SANITIZE_STRING);


WHen I send :



I would like to Save this data



I receive :



I would like to Save this data


What should I change to create a safe string?



edit :
In my form I have a WYSIWYG editor (FCK Editor) and it's contents is where I am after.


Answer




I have used HTMLPurifier which is a PHP filter library to sanitize HTML input.



Basic usage is something like this;



include_once('/htmlpurifier/library/HTMLpurifier.auto.php');
$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);
$clean['htmlData'] = $purifier->purify($_POST['htmlData']);

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

php - file_get_contents shows unexpected output while reading a file

I want to output an inline jpg image as a base64 encoded string, however when I do this : $contents = file_get_contents($filename); print &q...