I want to use htmlspecialchars on the user’s textarea, but I want to allow him to use bold and italic. How can I not use htmlspecialchars on those tags?
Use the better-safe-than-sorry method. That is, you first apply htmlspecialchars, and then very selectively undo it / whitelist your two tags:

That works only when those tags only contain those exact two strings, no extra attributes. No safety or consistency concerns with that however (except that this short version doesn’t assert balanced tags, ooops).
If you need more complex rules, then HTMLPurifier is what you should look out for.
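The escape-first-then-selectively-undo approach from the answer, as an added PHP example that is not the answerer's own code; it goes one step further than the short version the answer describes by also refusing to restore the tags when they are not balanced. The function name and the sample inputs are my own.

```php
<?php
// Added example: escape everything, then restore only an exact whitelist
// of tags, and only when those tags are properly nested and balanced.
function escape_allow_bold_italic(string $input): string
{
    // Step 1: escape every special character the user typed.
    // A user who literally types "&lt;b&gt;" gets "&amp;lt;b&amp;gt;",
    // which does not match the whitelist below, so it stays plain text.
    $escaped = htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // Step 2: exact escaped strings that may be turned back into markup.
    // Variants carrying attributes (e.g. an escaped <b onclick=...>) are
    // not in this list, so they remain escaped and render as text.
    $whitelist = [
        '&lt;b&gt;'  => '<b>',
        '&lt;/b&gt;' => '</b>',
        '&lt;i&gt;'  => '<i>',
        '&lt;/i&gt;' => '</i>',
    ];

    // Step 3: check that the whitelisted tags are balanced before undoing
    // the escaping. Walk the escaped text with an open-tag stack; a close
    // tag that does not match the top of the stack, or a tag still open at
    // the end, means the whole text stays fully escaped.
    $stack = [];
    $balanced = true;
    preg_replace_callback('~&lt;(/?)([bi])&gt;~', function ($m) use (&$stack, &$balanced) {
        if ($m[1] === '') {
            $stack[] = $m[2];                 // opening tag: push
        } elseif (array_pop($stack) !== $m[2]) {
            $balanced = false;                // mismatched or extra close
        }
        return $m[0];                         // text itself is unchanged here
    }, $escaped);

    if (!$balanced || $stack !== []) {
        return $escaped;                      // unbalanced: keep everything escaped
    }
    return strtr($escaped, $whitelist);       // balanced: restore the two tags
}

// Constructed sample inputs (not from the original post):
echo escape_allow_bold_italic('Hello <b>world</b> & <i>friends</i>'), "\n";   // tags restored, & still escaped
echo escape_allow_bold_italic('<b onclick="x()">not allowed</b>'), "\n";      // attribute variant stays escaped
echo escape_allow_bold_italic('<b>unbalanced <i>text</b></i>'), "\n";         // misnested: stays escaped
```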