For a long time I have wondered about the best way to both secure input and allow some HTML tags in particular cases.
The typical situation is an admin who wants to write an article on XSS (for example), which will be stored in a database and shown to the users. This admin would have the chance to write tags like <b> to format the text but also tags like <javascript> to explain the attack. If I use Zend_Filter_StripTags I can allow the admin to put harmless HTML tags like <b> in the text but, for security reasons, I cannot allow him to put in tags like <javascript>.
On the other hand, if I use Zend_Filter_HtmlEntities I allow the admin to write every tag safely, but when the article is shown the text is not formatted. Finally, if I use Zend_Filter_HtmlEntities and a decode method before the system shows the article, I have the same problem as in the first case.
Does anyone know the best method to solve this problem?
Use Zend_Filter_HtmlEntities to escape all HTML tags and then use Zend_Markup to provide formatting via BBCode annotations.
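The approach in the answer, as an added example that is not part of the question or the answer above and does not use Zend Framework itself: every HTML character is escaped first, so a literal <script> or <javascript> in the article body is shown as text, and only afterwards a small whitelist of BBCode tags is translated into fixed HTML. The helper names render_article and safe_href, the chosen tag subset and the sample article are assumptions made for this illustration; Zend_Filter_HtmlEntities plus Zend_Markup's BBCode parser perform the equivalent two steps.

```php
<?php
// Added example (not from the question or the answer): the "escape first,
// then render a BBCode whitelist" approach in plain PHP, runnable without
// Zend Framework. Helper names and the sample article are assumptions.

// Only http/https links are accepted; any other scheme (javascript:, data:)
// is rejected so a [url=...] tag cannot smuggle script into an href.
function safe_href(string $url): ?string
{
    $url = trim($url);
    if (preg_match('#^https?://[^\s"\'<>]+$#i', $url)) {
        return $url;
    }
    return null;
}

function render_article(string $raw): string
{
    // Step 1: neutralise all HTML before anything else. After this line no
    // unescaped '<', '>', '"' or "'" remains, whatever the admin typed, so a
    // quoted attack payload is displayed literally instead of executed.
    $text = htmlspecialchars($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // Step 2: translate whitelisted BBCode into fixed markup. The replacement
    // strings are constants; only already-escaped text is interpolated.
    $simple = [
        '#\[b\](.*?)\[/b\]#s'       => '<b>$1</b>',
        '#\[i\](.*?)\[/i\]#s'       => '<i>$1</i>',
        '#\[code\](.*?)\[/code\]#s' => '<pre><code>$1</code></pre>',
    ];
    $text = preg_replace(array_keys($simple), array_values($simple), $text);

    // [url=...]label[/url]: validate the target; on rejection keep only the label.
    $text = preg_replace_callback(
        '#\[url=([^\]]+)\](.*?)\[/url\]#s',
        function (array $m): string {
            // $m[1] is entity-escaped from step 1; decode it to inspect the
            // scheme, then re-escape the accepted value for the attribute.
            $decoded = html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
            $href = safe_href($decoded);
            if ($href === null) {
                return $m[2];
            }
            $attr = htmlspecialchars($href, ENT_QUOTES | ENT_HTML5, 'UTF-8');
            return '<a href="' . $attr . '" rel="nofollow">' . $m[2] . '</a>';
        },
        $text
    );

    // Preserve the admin's line breaks in the rendered article.
    return nl2br($text);
}

// Constructed sample article: bold heading, a literal payload inside [code],
// one link with a rejected scheme and one that is accepted.
$article = "[b]Reflected XSS[/b]\n"
    . "The payload looks like [code]<script>alert(1)</script>[/code].\n"
    . "[url=javascript:alert(1)]click[/url] [url=https://example.org/]docs[/url]";

echo render_article($article), PHP_EOL;
```

The ordering is the whole point: if the BBCode-to-HTML step ran before escaping, the later entity encoding would also neutralise the <b> tags it just produced (the question's third case), and if escaping ran only after, raw tags in the article would reach the browser. With the escape first, the renderer never sees unescaped input, and the only markup that can appear in the output is the fixed set the whitelist emits.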