PHP XSS Prevention WhiteListing

Posted by pws5068 on Stack Overflow See other posts from Stack Overflow or by pws5068
Published on 2010-06-07T19:57:41Z Indexed on 2010/06/07 20:02 UTC
Read the original article Hit count: 321

My site utilizes a WYSIWYG editor for users to update their accounts,enter comments, and send private messages.

The editor (CKEditor) is great for only allowing users to enter valid input, but I worry about injection through TamperData or other means.

How can I control this on the server side?

I need to whitelist specific tags: <b><ul><ol><a><img><br>, will this be a SAFE approach to preventing XSS?

© Stack Overflow or respective owner

Related posts about php

Related posts about validation