Extending strip_tags() for allowing certain html tags

This is a discussion on Extending strip_tags() for allowing certain html tags within the PHP General forums, part of the PHP Programming Forums category; I found some code at http://marc.theaimsgroup.com/?l=php-...2414231212&w=2 that was meant to extend ...


Go Back   Usenet Forums > PHP Programming Forums > PHP General

Reload this Page Extending strip_tags() for allowing certain html tags

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 12-29-2003
Gerard Samuel
 
Posts: n/a
Default Extending strip_tags() for allowing certain html tags
I found some code at
http://marc.theaimsgroup.com/?l=php-...2414231212&w=2
that was meant to extend strip_tags() where it wouldn't be
blindly prone to XSS attacks via tag attributes.
Unfortunately, that code works too good.
If one were to pass a legal <img> tags like
<img src="http://us2.php.net/images/php_snow.gif" />
It gets reduced to <img>

Does anyone have any suggestions on how to modify that code (or any code),
where one is bypassing certain tags, while keeping those certain tags
"safe" (as safe as one can be)

Thanks for you suggestions.
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 08:03 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0