Best Practice: User generated HTML cleaning
- by Martin
I'm coding a WYSIWYG editor width designMode="on" on a iframe. The editor works fine and i store the code as is in the database.
Before outputing the html i need to "clean" with php on the server-side to avoid cross-site-scripting and other scary things. Is there some sort of best practice on how to do this? What tags can be dangerous?
UPDATE: Typo fixed, it's What You See Is What You Get. Nothing new :)