Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
asdasdqwe2021-12-11 13:38:23
PHP
asdasdqwe, 2021-12-11 13:38:23

How to save text with tags in the database and display?

The user enters < b>hello b> - Save in the database as is

If output like this:
echo $text; //We see hello

But this is not safe, the user can enter a js script (xss attack)

If we escape:
echo htmlspecialchars($text ) //We see plain text as is < b>hello b>

How to make it so that the user can enter text with tags (create tables, text boldness, etc.), but cannot create anything else (scipt. input. select), etc.

For example, as in habr, I can change text boldness, italics, create a list - BUT <script> can't

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
F
FanatPHP, 2021-12-11
@asdasdqwe

htmlpurifier but it would be a million times better to use normal markdown instead of moronic html

Similar questions
N
nickostyle2014-04-22 13:05:16
Is it possible to repost from social networks to the site? 9Reply
S
student_it2015-04-19 11:49:55
How can I prevent the Referer from being sent when playing an audio file via the HTML Audio tag? 2Reply
S
Sergey Kulandin2015-04-20 12:45:33
Is crossfire radeon 7850+7870 stable? 3Reply
K
khudobinvasiliy2021-04-02 20:04:00
How to resolve 500 error on Flask Heroku? 3Reply
D
Dmitry2019-09-20 14:21:34
Does not download files from utorrent, openwrt firmware? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question