NYCPHP Meetup

[nycphp-talk] User Input Data scrubbing

Chris Shiflett shiflett at php.net
Fri Nov 28 15:47:05 EST 2008


On Nov 28, 2008, at 15:26, Elijah Insua wrote:

> Html/Cross Site Scripting is more along the lines of what you are  
> talking about.  There are tons of libraries out there that attempt  
> to kill off as many of these as possible.

The best one of these happens to be written in PHP:

http://htmlpurifier.org/

If your needs are extremely simple, HTML Purifier might be more than  
you need, in which case a simple solution like this might work:

http://shiflett.org/blog/2007/mar/allowing-html-and-preventing-xss

Hope that helps.

Chris

--
Chris Shiflett
http://shiflett.org/



More information about the talk mailing list