TalkPHP - how to filter textboxes or fields from xss

TalkPHP (http://www.talkphp.com/forums.php)

- Absolute Beginners (http://www.talkphp.com/absolute-beginners/)

- - how to filter textboxes or fields from xss (http://www.talkphp.com/absolute-beginners/2277-how-filter-textboxes-fields-xss.html)

sarmenhb

02-18-2008 06:04 PM

how to filter textboxes or fields from xss

i have a form with textboxes, textarea, and other fields.

how do i filter from having a user enter html or javascript or any other markup besides addslashes ?

TlcAndres

02-18-2008 06:07 PM

htmlentities and the like

sarmenhb

02-18-2008 06:14 PM

cool thnx

im wondering how to filter like myspace does for example if you do use it.

if you edit your profile and enter javascript for example

<script>alert(something);</script> and when you save your profile

myspace outputs it like this: ..alert(something);..
it converts javascript markup to dots.

TlcAndres

02-18-2008 06:17 PM

PHP Code:


		
			
$array = array('<script>'=>'...','</script>'=>'...');

$string = '<script>alert(something);</script>';

$nS = str_replace(array_keys($array),array_values($array),$string);

echo $nS;

Kalle

02-18-2008 07:38 PM

Use the php filter extension:

PHP: Filter - Manual

dylanfm

02-18-2008 09:58 PM

Or this glorious thing: HTML Purifier - Filter your HTML the standards-compliant way!

All times are GMT. The time now is 03:26 AM.