Home/ Questions/Q 4013220
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T09:20:40+00:00

Is htmlentities best solution to prevent XSS in PHP? Also I would like to

  • 0

Is htmlentities best solution to prevent XSS in PHP? Also I would like to allow simple tags like b, i, a and img. What would be the best solution to implement this? I did consider bbcode but found out if not implemented properly I too will have XSS problem. What should I do? Any good third-party library is welcome.

EDIT:

I just tried HTML Purifier and it failed on this case. Just see this example

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    For that, I would go for the HTML Purifier, and yes you can specify your whitelist tags there too.

    HTML Purifier is a standards-compliant
    HTML filter library written in PHP.
    HTML Purifier will not only remove all
    malicious code (better known as
    XSS) with a thoroughly audited,
    secure yet permissive whitelist    , it
    will also make sure your documents are
    standards compliant, something only
    achievable with a comprehensive
    knowledge of W3C’s specifications.

    I know there are certain functions in PHP language for that but I would prefer a dedicated solution instead.

    • 0