
Thread: Sanitize HTML

  1. #1
    Senior Coder

    Sanitize HTML

    I have a built-in mail form on my website, which people can use to send messages to each other. However, the name and subject are prone to HTML injection attacks.

    How can I sanitize the HTML so this can't happen?

  • #2
    The Apostate Apostropartheid's Avatar
    Not much you can do to the HTML. Your form processor is the weak link. You will need knowledge of how server-side languages work to do this.

    Edit: Hang on, I just understood you.
    Most server-side languages allow you to change HTML into their respective entities so it doesn't work. The PHP version is htmlspecialchars().
    Last edited by Apostropartheid; 07-04-2010 at 03:48 PM.
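
Added example, not part of the original thread: escaping the mail form's name and subject with htmlspecialchars() at the point where they are written into the page. The helper names `e()` and `render_message_row()` and the sample values are assumptions made for illustration.

```php
<?php
// Added example: escape user-supplied fields when they are output as HTML.

/** Escape a value for use in HTML text or inside a quoted attribute. */
function e(string $value): string
{
    // ENT_QUOTES encodes both " and ' so the value cannot close a quoted
    // attribute; ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of
    // making the function return an empty string; the charset is explicit
    // so the result does not depend on the server's default_charset.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one row of a message list (hypothetical helper). */
function render_message_row(string $name, string $subject): string
{
    // Every user-controlled value passes through e() exactly once, here,
    // at output time. The stored message keeps the raw text.
    return '<tr><td title="' . e($name) . '">' . e($name) . '</td>'
         . '<td>' . e($subject) . '</td></tr>';
}

// Constructed sample input: a name that tries to break out of an attribute
// and a subject that contains markup.
$name    = 'Bob" onmouseover="alert(1)';
$subject = '<script>alert(1)</script> Hello & welcome';

echo render_message_row($name, $subject), "\n";
```

Escaping on output rather than on input keeps the stored data unchanged and avoids double-encoding when the same value is later shown again or sent as plain text.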

  • #3
    Senior Coder
    Alright I will post this in PHP. Thanks