0

Hi,

Let's say I have a textarea to collect user inputs. Someone turns up and writes a html code (eg. a table of something, or a img tag with src to naked image, a div with 10000px width and height ....) instead of plain text into it. It wouldn't be nice when I print it on my website. How do I avoid it?

Thanks

3
Contributors
3
Replies
4
Views
5 Years
Discussion Span
Last Post by veledrom
0

If you wanting to allow some html I recommend the HTML Purifier library. Kind of bulky but does the job.

The other way to prevent it from breaking your site, is to run the text through htmlentities so it will display as text no matter what.

Edited by somedude3488

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.