vinpkl
October 24, 2012, 7:26am
1
Hi all,
This is the “content” stored in the database with <div><a> tags:
<div style="font-size:14px">lorem ipsume lorem ipsume lorem ipsume lorem ipsume lorem ipsume lorem ipsume lorem ipsume <a href="http://yahoo.com">lorem ipsume</a> <div>
If I use
htmlspecialchars($content)
then the content is displayed as it is, with the <div style="font-size:14px"><a> tags.
I don't want to show these tags <div style="font-size:14px"><a> while displaying content on my page to the client.
I don't want to remove/strip these tags, and want these tags to only be visible when we click on the “view source” browser option.
What should I use?
vineet
If you want the <div> and <a> tags to be handled by the browser as tags, then don’t use htmlspecialchars. Just echo the content as you get it from the database.
If there are any tags (<script> for example) you want to strip, use strip_tags. But really you should have eliminated any tags you don’t want to have before you stored the data in the database.
vinpkl
October 24, 2012, 9:10am
3
guido2004:
If you want the <div> and <a> tags to be handled by the browser as tags, then don’t use htmlspecialchars. Just echo the content as you get it from the database.
If there are any tags (<script> for example) you want to strip, use strip_tags. But really you should have eliminated any tags you don’t want to have before you stored the data in the database.
Hi guido,
If I use
strip_tags($content,"<div><a>");
then will it protect me against XSS or not?
vineet
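On the strip_tags($content,"<div><a>") question above: strip_tags() does not touch the attributes of the tags it is told to allow, so event-handler attributes and javascript: links on <div> and <a> pass through unchanged. The PHP below is an added example, not code from the thread, that parses the fragment and applies an allowlist to both tags and attributes. The names clean_node() and sanitize_fragment() are hypothetical, and the policy (http(s) href, plain font-size style) is an assumption based on the markup shown in the first post.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.
// Assumed policy: keep <div>/<a>, http(s) href, plain font-size style; drop the rest.
function clean_node(DOMNode $node): void
{
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMText) { continue; }       // text is escaped on output
        $tag = strtolower($child->nodeName);
        if (!$child instanceof DOMElement || $tag === 'script' || $tag === 'style') {
            $node->removeChild($child);                    // comments, scripts, CSS blocks
            continue;
        }
        clean_node($child);                                // sanitize descendants first
        if ($tag !== 'div' && $tag !== 'a') {              // unwrap: keep content, lose the tag
            while ($child->firstChild) { $node->insertBefore($child->firstChild, $child); }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes, false) as $attr) {
            $ok = ($tag === 'a' && $attr->name === 'href' && preg_match('#^https?://#i', $attr->value))
               || ($attr->name === 'style' && preg_match('/^font-size:\s*\d{1,2}px;?\z/i', $attr->value));
            if (!$ok) { $child->removeAttribute($attr->name); }
        }
    }
}

function sanitize_fragment(string $html): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);              // tolerate sloppy markup
    $doc->loadHTML('<meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body>' . $html);
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    clean_node($body);
    $out = '';
    foreach ($body->childNodes as $n) { $out .= $doc->saveHTML($n); }
    return $out;
}

// Constructed input: the thread's markup plus attributes that strip_tags() leaves alone.
$content = '<div style="font-size:14px" onmouseover="alert(1)">lorem '
         . '<a href="javascript:alert(2)">ipsume</a> '
         . '<a href="http://yahoo.com" onclick="alert(3)">ok</a><script>x()</script></div>';
echo strip_tags($content, '<div><a>'), "\n";   // tags filtered, attributes untouched
echo sanitize_fragment($content), "\n";        // tags and attributes both allowlisted
```

Sanitizing once before the content is stored, as suggested earlier in the thread, means the stored value can then be echoed without htmlspecialchars().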