I got a textarea where the user can write an article. The article can

Question

0

Asked: May 29, 20262026-05-29T18:20:55+00:00 2026-05-29T18:20:55+00:00

I got a textarea where the user can write an article. The article can

0

I got a textarea where the user can write an article. The article can contain text (bold and italic), links and youtube videos. How do I allow those certain html tags and still post secure xss-preventing code?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-29T18:20:59+00:00

I would use HTMLPurifier, to ensure that you only keep HTML

That is valid
and only contains tags and attributes you’ve choosen to allow

I should add that PHP provides the strip_tags() function, but it’s not that good (quoting) :

Because strip_tags() does not actually validate the HTML, partial or
broken tags can result in the removal of more text/data than expected.

This function does not modify any attributes on the tags that
you allow using allowable_tags, including the style and onmouseover
attributes that a mischievous user may abuse when posting text that
will be shown to other users.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I got a textarea where the user can write an article. The article can

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply