Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
asdasdqwe2021-12-11 13:38:23
PHP
asdasdqwe, 2021-12-11 13:38:23

How to save text with tags in the database and display?

The user enters < b>hello b> - Save in the database as is

If output like this:
echo $text; //We see hello

But this is not safe, the user can enter a js script (xss attack)

If we escape:
echo htmlspecialchars($text ) //We see plain text as is < b>hello b>

How to make it so that the user can enter text with tags (create tables, text boldness, etc.), but cannot create anything else (scipt. input. select), etc.

For example, as in habr, I can change text boldness, italics, create a list - BUT <script> can't

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
F
FanatPHP, 2021-12-11
@asdasdqwe

htmlpurifier but it would be a million times better to use normal markdown instead of moronic html

Similar questions
K
Kostylev20212021-06-03 16:13:45
How to remove unwanted lines? 4Reply
I
ibrohim272019-12-25 23:38:22
How to log into the admin panel on kms jQuery? 1Reply
S
Sasha2015-08-24 11:21:31
How to do font smoothing in firefox? 5Reply
E
Eugene2020-01-08 08:21:24
Is it safe to pass your ip to communicate with ftp? 4Reply
K
Kirill Petrov2015-09-02 16:18:51
How to compose a query in MySQL to sort by value? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question