Hi!
I have been making a chat program.
In PHP I control user inputs with htmlentities so they can't write HTML. But this also ruins the precious æøåöüÿëäñ etc. characters!
Would it be safe to only remove the < and >s?
Or is there another way to avoid this?

Although you need to be a bit more precise as to what you're preventing... just HTML? Or JavaScript/XSS or some other form of malicious code?

I want to prevent people from ruining it. I want no loopholes.

http://www.the-art-of-web.com/php/parse-links/ to prevent all sorts of javascript ...

Use HTML Purifier (google it) for removing XSS, to be doubly sure about malicious JavaScript.

strip_tags method to remove html ...

Also, I don't know how exactly your chat client is working, so further security is up to you.

When I use htmlentities with the charset UTF-8, it works. Thanks for your help anyway :)
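An added example, not code from any poster in this thread: it compares escaping with an explicit UTF-8 charset against the "only remove < and >" idea from the question. The function names and the sample message are constructed for illustration, and it assumes the message is stored and served as UTF-8.

```php
<?php
// Added example; function names and the sample message are constructed.

// Tell the browser the page is UTF-8 so escaped output and accented
// letters are decoded the same way PHP encoded them.
if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/html; charset=UTF-8');
}

// Escape a chat message for HTML text or a quoted attribute value.
function escape_chat_message(string $msg): string
{
    // ENT_QUOTES escapes both " and '. ENT_SUBSTITUTE replaces invalid
    // UTF-8 byte sequences with U+FFFD instead of returning ''.
    // Only & < > " ' are rewritten, so accented letters pass through.
    return htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The approach asked about in the question: drop only < and >.
function strip_angle_brackets(string $msg): string
{
    return str_replace(['<', '>'], '', $msg);
}

// Constructed sample message.
$msg = 'Zoë & Søren said "hej" <b>æøåöüÿëäñ</b>';

// Markup characters become entities; accented letters are untouched.
echo escape_chat_message($msg), "\n";

// htmlentities with the charset given also works: accented letters
// become named entities that the browser renders correctly.
echo htmlentities($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";

// Stripping only < and > leaves " ' and & as they were, so the result
// is not safe to place inside an attribute value such as title="...".
echo strip_angle_brackets($msg), "\n";
```

Escape at output time, for the context the value lands in, rather than altering the message before it is stored.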
