I’m using PHP and Zend Framework in my application. User can enter some HTML

Question

0

Asked: June 1, 20262026-06-01T07:36:18+00:00 2026-06-01T07:36:18+00:00

I’m using PHP and Zend Framework in my application. User can enter some HTML

0

I’m using PHP and Zend Framework in my application. User can enter some HTML and admin can see this HTML. I want to avoid XSS injection. All HTML should me shown as is except any javascript. I tried to remove script tags but it is unsafe. User can add javascript to onclick or other events.

Thanks.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-01T07:36:20+00:00

If you are looking to sanitize user input like this from XSS, I’d look into using HTML purifier

Removing only script tags is not enough, you miss out any javascript inline that people can add, among other things.

HTML purifier however will remove it all for you. From their site:

HTML Purifier is a standards-compliant HTML filter library written in
PHP. HTML Purifier will not only remove all malicious code (better
known as XSS) with a thoroughly audited, secure yet permissive
whitelist, it will also make sure your documents are standards
compliant, something only achievable with a comprehensive knowledge of
W3C’s specifications.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m using PHP and Zend Framework in my application. User can enter some HTML

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply