Re: Close all open tags in HTML text

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I realize that I can use the strip_tags function to remove HTML.  But I 
don't want to remove HTML tags.  I just want to make sure all open HTML tags 
are closed.  For example if they user submits HTML with a <table> tag and 
never closes it, then the rest of the page will look screwed up.  I still 
want to allow them to use HTML, but I want to close tags that were left open 
by them.  This way it allows them to use HTML and it won't screw up the rest 
of the page.

Thanks,

Matt



"Richard Lynch" <ceo@xxxxxxxxx> wrote in message 
news:2365.66.99.91.45.1102714129.squirrel@xxxxxxxxxxxxxxxx
> Matt Palermo wrote:
>>  I would like to leave any HTML in there,
>
> Do you *TRUST* the people typing the HTML to not attack your server, or
> others, with cross-site scripting attacks?
>
> If not, go re-read the manual about strip_tags, and pay particular
> attention to the second, optional, argument.
>
>> but just make sure that ending
>> tags exist, so it doesn't screw up the rest of the page.  Strip tags 
>> would
>> just wipe out the HTML rather than allowing it and ending it safely.
>
> Strip tags will allow you to wipe out *DANGEROUS* HTML which will make
> your web server a source of problems not only to you, but to me as well.
>
> Please use strip_tags to allow only the tags you *NEED* the users to be
> able to use.
>
> It will only take you seconds, and it will save you (and us) a lot of
> grief in the long run.
>
> -- 
> Like Music?
> http://l-i-e.com/artists.htm 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux