matthijs110

XSS protection raw HTML

Hello,

I am making a forum website where people can write their threads in a CKEDITOR. This editor outputs raw HTML. The HTML is shown using {!! $thread->body !!}.

Whenever someone writes a <script> tag, or an onclick attribute, it gets executed. I would like to prevent this, but still be able to display the HTML output.

What is the best way to handle this?

0 likes
3 replies
matthijs110

Works like a charm :-) I must have missed this package while searching :/

1 like
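
An added example, not part of the thread and not necessarily the package referred to above: server-side allowlist sanitization of the editor's HTML with the HTML Purifier library (assumes `composer require ezyang/htmlpurifier`). The function name `sanitizeThreadBody`, the allowlist and the sample input are constructed for illustration.

```php
<?php
// Added example: clean editor output before it reaches {!! $thread->body !!}.
// Assumption: ezyang/htmlpurifier is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

/**
 * Return $html reduced to an allowlist of formatting tags.
 * Anything not listed (script elements, event-handler attributes such as
 * onclick, style attributes, iframes, ...) is removed by the purifier.
 */
function sanitizeThreadBody(string $html): string
{
    $config = HTMLPurifier_Config::createDefault();

    // Illustrative allowlist: elements and, in brackets, their permitted attributes.
    $config->set('HTML.Allowed', 'p,br,strong,em,u,ul,ol,li,blockquote,a[href]');

    // Links may only use these URI schemes; other schemes are stripped.
    $config->set('URI.AllowedSchemes', [
        'http'   => true,
        'https'  => true,
        'mailto' => true,
    ]);

    // Disable the on-disk definition cache so the demo needs no writable directory.
    $config->set('Cache.DefinitionImpl', null);

    return (new HTMLPurifier($config))->purify($html);
}

// Constructed sample input covering the two cases from the question.
$dirty = '<p onclick="alert(1)">Hello <strong>world</strong></p>'
       . '<script>alert(1)</script>'
       . '<a href="https://example.com/">a link</a>';

echo sanitizeThreadBody($dirty), PHP_EOL;
```

Sanitize once when the thread is saved (or at render time, if the allowlist may change later) and keep `{!! !!}` only for values that have passed through the sanitizer.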
