Clever Geek Handbook

Validate HTML embed code using PHP or javascript or PHP framework (Zend)

just a question. Is there a good practice for validating HTML embed code? fyi, I am using Zend Framework and prototype + scriptaculous right now. it would be great if someone could make this environment clear.

Thank! ^^

+2


source to share


2 answers


If you want to allow the user to enter HTML and then display it on your website, HTMLPurifier is a really great solution .

It requires some "kind" of HTML code as input and returns valid-HTML, allowing you to specify which tags and attributes should be allowed — all others will be removed.

This way, if your users enter invalid HTML, you'll still end up with valid HTML (less risk of destroying your layout when rendered), and if you only provide a couple of harmless tags and attributes, a great plus for security.

If you want to give it a try without integrating it into your application, a demo page is available there by the way.

For example, if I enter something like this:



<p>
this <b>is a<i>test</b></i>
with a not <em>closed tag
and a <a href="http://google.com" onclick="alert('bouh');">link</a>
and some <script type="text/javascript>alert('script');</script>
</p>

The HTML I receive as output will be :

<p>
this <b>is a<i>test</i></b>
with a not <em>closed tag
and a <a href="http://google.com">link</a>
and some </em></p>

those. the tags are in order (closed, in the correct order), the script tag has been removed, and therefore has the onclick attribute of the link.

+8


source


Doubt this is a little hazy, but it looks like you are getting html and you want to redraw it on your site.



Your best bet is to compile a set of accepted HTML and remove any tags that don't match.

+1


source






More articles:


All Articles