Level 75
You need something like html purifer. I think there is a version for laravel.
Like https://github.com/mewebstudio/Purifier
But look at others as well.
1 like
Nov 28, 2020
6
Level 5
What is the perfect way to Secure html data returned from Database ? PHP Native
I am using TinyMCE Editor to write some articles But I am using posted data without any protection.
when I store article data
$content = $_POST['content'];
I do not use
filter_input(INPUT_POST, 'content')
Because it converts html to string
...
When I display data I use
$content = $_POST['content'];
``
echo $content;
``
without any serialization..
I wanna secure data and in the same way want html to display as it is.
Level 5
@jlrdw I am using PHP Native
Level 25
@ebrahemsamer for native PHP this is the best option 👉http://htmlpurifier.org/docs
1 like
Level 73
You can alway resort to markdown instead. That way it's pretty secure from the start.
Something like this
Level 5
Level 73
Not against html that breaks your sites layout.
Not sure if adding javascript in it would do anything but according to this article it has some XSS potential risks.
https://medium.com/taptuit/exploiting-xss-via-markdown-72a61e774bf8
Please or to participate in this conversation.