Hi!
I have been making a chat program.
In PHP I control user inputs with htmlentities so they can't write html. But this also ruins the precious æøåöüÿëäñ etc.. characters!
Would it be safe to only remove the < and >s?
Or is there another way to avoid this?

although you need to be a bit more precise as to what yer preventing...just html? or javascript/xss or some other form of malicious code ?

although you need to be a bit more precise as to what yer preventing...just html? or javascript/xss or some other form of malicious code ?

I want to prevent that people ruins it. I want no loopholes.

http://www.the-art-of-web.com/php/parse-links/ to prevent all sorts of javascript ...

use htmplurifier ( google it ) for removing xss to be doubly sure about malicious javascript

strip_tags method to remove html ...

also i dont know how exactly your chat client is working so further security is up to you

When I use htmlentities with the charset UTF-8, it works. Thanks for your help anyway :)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.