Sanitizing HTML input

php html sanitization
James P. picture James P. · Apr 1, 2011 · Viewed 15.5k times · Source

I'm thinking of adding a rich text editor to allow a non-programmer to change the aspect of text. However, one issue is that it's possible to distort the layout of a rendered page if the markup is incorrect. What's a good lightweight way to sanitize html?

Answer

mario picture mario · Apr 1, 2011

You will have to decide between good and lightweight. The recommended choice is 'HTMLPurifier', because it provide no-fuss secure defaults. As faster alternative it is often advised to use 'htmLawed'.

See also this quite objective overview from the HTMLPurifier author: http://htmlpurifier.org/comparison

Related questions

How to call a PHP function on the click of a button

I have created a page called functioncalling.php that contains two buttons, Submit and Insert. I want to test which function is executed when a button gets clicked. I want the output to appear on the same page. So, I …

Read More
How to set HTTP header to UTF-8 using PHP which is valid in W3C validator?

I have several PHP pages echoing out various things into HTML pages with the following code. <meta http-equiv="Content-type" content="text/html; charset=utf-8" /> However, when I validate using the W3C validator it comes up with: The …

Read More
Convert HTML + CSS to PDF

I have an HTML (not XHTML) document that renders fine in Firefox 3 and IE 7. It uses fairly basic CSS to style it and renders fine in HTML. I'm now after a way of converting it to PDF. I have tried: …

Read More