0

Hello,

I have an HTML table which displays content from email. This email content can be from any email client (browser, Outlook, Thunderbird...). If this HTML is malformed, it creates a mess in my HTML table.

For example, if the email content has any unclosed tags or a malformed table in it, it destroys the structure of my table where I am displaying this email content.

Could you please tell me if there is any alternative to display this content without any disturbance to my main table?

Here is the screenshot: http://screencast.com/t/ilUA4b89

Thanks, Murali

3 Contributors, 3 Replies, 9 Views, 3 Years Discussion Span, Last Post by diafol
0

The email content column in the row should be "tagless", where all tags are stripped, as it's just a short preview of the first line or so (IMO). The issue is with the preview pane.

I don't know how useful something like HTML purifier would be:
http://htmlpurifier.org/

1

As diafol said, you should strip all tags from the email content. It is for 2 major reasons: 1) remove unexpected display, because you can't always predict what content users are using, and 2) much safer from XSS. In web development, you must always consider any input from any external source as tainted. Do not try to correct the content but rather transform it to be as plain (text) as it is.

Web development is not all about looking nice, but security is actually a lot more important and much harder to implement/maintain. Many PHP developers do not understand or know about security, and their actions cause many people to believe that PHP is an insecure language. Please do not be one of those who create this myth. Keep doing it the right way and others will understand and follow.

0

Indeed^^

Your concerns would be running scripts and the destruction of your html following the insert. You may wish to use an iframe to hold the message body, as this should "contain" any problems.

strip_tags() is very useful as you can provide a whitelist of tags that you allow.

Stripping all tags sort of defeats the object of showing HTML emails. So just be careful of how you implement it. After all, tabular data stripped of table, tr, td, th etc. tags would be nigh-on unreadable.

Edited by diafol
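
The suggestions in the replies above combined into one sketch, as an added example that is not code from any poster in this thread: a tag-free, escaped preview for the list row, and a sandboxed iframe for the full body. The function names `preview_text` and `preview_frame`, the constant `ESC` and the sample email are constructed for illustration; the code assumes UTF-8 input and the mbstring extension.

```php
<?php
declare(strict_types=1);

// Escaping flags used for every output below (ENT_SUBSTITUTE tolerates bad bytes).
const ESC = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;

// Constructed sample: malformed HTML email (unclosed cells, script, inline handler).
$emailHtml = '<table><tr><td>Quarterly <b onclick="alert(1)">report</b>'
           . '<script>document.title = "x";</script><td>figures attached';

// List row: plain text only, so nothing from the email can break the outer table.
function preview_text(string $html, int $max = 80): string
{
    // strip_tags() removes tags but keeps their text, so drop script/style bodies first.
    $html = preg_replace('~<(script|style)\b[^>]*>.*?</\1>~is', ' ', $html) ?? '';
    $text = html_entity_decode(strip_tags($html), ESC, 'UTF-8');
    $text = trim(preg_replace('/\s+/u', ' ', $text) ?? '');
    // Escape on output: the decoded text is still untrusted.
    return htmlspecialchars(mb_substr($text, 0, $max), ESC, 'UTF-8');
}

// Preview pane: the body is parsed as a separate document inside the iframe,
// so unclosed tags stay inside it. An empty sandbox attribute disables scripts,
// forms and same-origin access for that document.
function preview_frame(string $html): string
{
    $srcdoc = htmlspecialchars($html, ESC, 'UTF-8');
    return '<iframe sandbox srcdoc="' . $srcdoc
         . '" style="width:100%;height:300px"></iframe>';
}

// Caveat: an allow-list passed to strip_tags() keeps the attributes of the allowed
// tags, so the onclick on <b> survives this call. It is not a sanitizer by itself.
$allowListed = strip_tags($emailHtml, '<b><i><p><br>');

echo "<table>\n";
echo '<tr><td>constructed sender</td><td>' . preview_text($emailHtml) . "</td></tr>\n";
echo "</table>\n";
echo preview_frame($emailHtml) . "\n";
echo '<pre>' . htmlspecialchars($allowListed, ESC, 'UTF-8') . "</pre>\n";
```

If formatted HTML has to be shown inline in the main page rather than in a frame, a dedicated sanitizer such as the HTML Purifier library linked above is the place to filter tags and attributes.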
