I am using the TinyMCE WYSIWYG editor so the user can add some HTML tags. Currently, I display the data in raw form, but I feel the need to escape unwanted HTML tags and attributes to make it more secure and stable.
I searched and found this solution: How Do I use htmlspecialchars but allow only specific HTML code to pass through without getting converted?
But I feel like search and replace in HTML code does not work very well, and I am seeking a better, more up-to-date solution. Like what about attributes? It looks like TinyMCE creates `<span>` with `style=""`.
from Newest questions tagged laravel-5 - Stack Overflow http://ift.tt/24ZYdvw
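The allow-list approach the question asks about, including the `style=""` on `<span>`, as an added example that is not part of the original post: it parses the markup with HTML Purifier (a library the post does not mention, assumed installed via Composer as `ezyang/htmlpurifier`) instead of using search and replace. The helper name `makeEditorPurifier`, the allow-list itself and the sample input are assumptions made for this example.

```php
<?php
// Added example: allow-list sanitization of TinyMCE output with HTML Purifier.
// Assumes the library is installed via Composer (package ezyang/htmlpurifier).
require __DIR__ . '/vendor/autoload.php';

/**
 * Hypothetical helper (name chosen for this example): returns a purifier
 * that keeps only the tags, attributes and CSS properties listed here.
 */
function makeEditorPurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();

    // Tags and attributes that survive; everything else is removed
    // (script, iframe, on* handlers, unknown attributes, ...).
    $config->set('HTML.Allowed',
        'p,br,strong,em,u,ul,ol,li,blockquote,a[href|title],span[style]');

    // The style="" that TinyMCE puts on <span> is parsed as CSS and only
    // these properties are kept; other declarations are dropped.
    $config->set('CSS.AllowedProperties',
        ['color', 'background-color', 'font-weight', 'font-style', 'text-decoration']);

    // Links may only use these schemes, so javascript: URLs are stripped.
    $config->set('URI.AllowedSchemes',
        ['http' => true, 'https' => true, 'mailto' => true]);

    // Disable the on-disk definition cache so the example needs no writable directory.
    $config->set('Cache.DefinitionImpl', null);

    return new HTMLPurifier($config);
}

// Constructed sample input, mixing editor markup with markup that must not survive.
$dirty = <<<'HTML'
<p onclick="alert(1)">Hello <span style="color: red; position: fixed">world</span></p>
<script>alert(2)</script>
<a href="javascript:alert(3)">link</a> <a href="https://example.com/">ok</a>
HTML;

$clean = makeEditorPurifier()->purify($dirty);

// Store or render $clean; in a Blade template it is output with {!! $clean !!}
// because it is already sanitized HTML, not text to be escaped.
echo $clean, PHP_EOL;
```

Sanitizing on output (or on both input and output) means a later tightening of the allow-list also applies to content that was stored before the change.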