My simple implementation of PHP strip_tags()
aberba via Digitalmars-d
digitalmars-d at puremagic.com
Wed Jun 28 12:14:19 PDT 2017
On Wednesday, 28 June 2017 at 18:51:41 UTC, Vladimir Panteleev
wrote:
> On Wednesday, 28 June 2017 at 18:08:12 UTC, aberba wrote:
>> I wanted strip_tags() for sanitization
>
> Careful. If you don't implement this correctly (and it may be
> surprisingly difficult to), you may expose your site to XSS
> attacks.
>
> Instead of stripping tags, you may want to encode HTML entities
> instead ('<' -> "&lt;" etc.)
>
>> auto regex = ctRegex!(`</?(\w*)>`);
>
> This will not capture <script src="...">.

I'm already using prepared statements thoroughly. strip_tags()
has its own uses besides making it safe for db storage.
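
The two points in the quoted reply, shown as an added example in D that is not part of the original thread: the quoted pattern leaves an opening tag with attributes in place, while entity encoding turns the whole string into inert text. The function names and sample inputs are constructed for illustration.

```d
import std.array : appender;
import std.regex : ctRegex, replaceAll;
import std.stdio : writeln;

// The pattern quoted in the thread: it only matches tags without attributes.
string stripTagsNaive(string input)
{
    auto re = ctRegex!(`</?(\w*)>`);
    return replaceAll(input, re, "");
}

// Hypothetical helper: encode the characters that are significant in HTML
// text and attribute values instead of trying to remove markup.
string encodeEntities(string input)
{
    auto output = appender!string();
    foreach (dchar c; input)
    {
        switch (c)
        {
            case '&':  output.put("&amp;");  break;
            case '<':  output.put("&lt;");   break;
            case '>':  output.put("&gt;");   break;
            case '"':  output.put("&quot;"); break;
            case '\'': output.put("&#39;");  break;
            default:   output.put(c);        break;
        }
    }
    return output.data;
}

void main()
{
    // Constructed sample inputs.
    string plain = "<b>hi</b>";
    string withAttr = `<script src="...">x</script>`;

    // Attribute-free tags are removed as intended.
    assert(stripTagsNaive(plain) == "hi");
    // The opening tag has an attribute, so only the closing tag is removed.
    assert(stripTagsNaive(withAttr) == `<script src="...">x`);
    // Encoding leaves no markup for the browser to interpret.
    assert(encodeEntities(withAttr) ==
        "&lt;script src=&quot;...&quot;&gt;x&lt;/script&gt;");

    writeln(stripTagsNaive(withAttr));
    writeln(encodeEntities(withAttr));
}
```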