SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Guru
    Join Date
    Nov 2008
    Posts
    622
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    dont display <div><a> tags in content

    hi all

    this is the "content" stored in the database with <div><a> tags

    HTML Code:
    <div style="font-size:14px">lorem ipsume lorem ipsume lorem ipsume lorem ipsume lorem ipsume lorem ipsume lorem ipsume <a href="http://yahoo.com">lorem ipsume</a> <div>
    If i use
    PHP Code:
    htmlspecialchars($content
    then content is displayed as it is with <div style="font-size:14px"><a> tags.

    i dont want to show these tags <div style="font-size:14px"><a> while displaying content on my page to client.

    I dont want to remove/strip these tags and want these tags to only be visible when we click on "view source" browser option.

    what should i use

    vineet

  2. #2
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,496
    Mentioned
    163 Post(s)
    Tagged
    4 Thread(s)
    If you want the <div> and <a> tags to be handled by the browser as tags, then don't use htmlspecialchars. Just echo the content as you get it from the database.

    If there are any tags (<script> for example) you want to strip, use strip_tags. But really you should have eliminated any tags you don't want to have before you stored the data in the database.

  3. #3
    SitePoint Guru
    Join Date
    Nov 2008
    Posts
    622
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by guido2004 View Post
    If you want the <div> and <a> tags to be handled by the browser as tags, then don't use htmlspecialchars. Just echo the content as you get it from the database.

    If there are any tags (<script> for example) you want to strip, use strip_tags. But really you should have eliminated any tags you don't want to have before you stored the data in the database.
    hi guido

    if i use
    PHP Code:
    strip_tags($content,"<div><a>"); 
    Then will it protected me against XSS or not ?

    vineet


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •