I want to validate the data entered in the TinyMCE editor on the server side in PHP. I need to allow standard HTML tags but need to avoid scripts and style tags attached to HTML elements. Please help me.
- strip tags – Michael Kunst, commented Jul 19, 2013 at 9:50
- stackoverflow.com/questions/1336108/… – Dinuka Thilanga, commented Jul 19, 2013 at 9:51
- I want to validate the content to see whether it has a script tag, style tag, etc., instead of modifying the content. – Nish, commented Jul 19, 2013 at 10:08
2 Answers
Use DOMDocument to load the HTML generated with TinyMCE and search for your restricted HTML with DOMXPath.
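One way to apply the DOMDocument/DOMXPath approach from the answer above so that it reports violations instead of modifying the content. This is an added example, not code from the answer; the function name `findDisallowedHtml` and the tag and attribute allowlists are assumptions to adapt to your editor configuration.

```php
<?php
// Added example, not from the answers on this page. Allowlists are assumptions.
const ALLOWED_TAGS  = ['p', 'br', 'strong', 'em', 'b', 'i', 'u', 'ul', 'ol', 'li',
                       'a', 'img', 'h1', 'h2', 'h3', 'blockquote', 'span', 'div'];
const ALLOWED_ATTRS = ['href', 'src', 'alt', 'title', 'class'];
const PARSER_TAGS   = ['html', 'head', 'body']; // wrappers libxml adds itself

/** Returns a list of violations; an empty list means the HTML passed. */
function findDisallowedHtml(string $html): array
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);     // tolerate tag soup quietly
    // The XML prolog makes libxml read the fragment as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $problems = [];
    $xpath = new DOMXPath($doc);
    foreach ($xpath->query('//*') as $el) {
        $tag = strtolower($el->nodeName);
        if (!in_array($tag, ALLOWED_TAGS, true)
            && !in_array($tag, PARSER_TAGS, true)) {
            $problems[] = "element <$tag>";       // script, style, iframe, ...
        }
        foreach ($el->attributes as $attr) {      // wrapper tags are checked too
            $name = strtolower($attr->nodeName);
            if (!in_array($name, ALLOWED_ATTRS, true)) {
                $problems[] = "attribute $name on <$tag>";  // onclick, style, ...
            } elseif ($name === 'href' || $name === 'src') {
                // Browsers ignore whitespace and control characters in a scheme.
                $url = preg_replace('/[\x00-\x20]+/', '', $attr->nodeValue);
                if (preg_match('/^[a-z][a-z0-9+.\-]*:/i', $url)
                    && !preg_match('/^(https?|mailto):/i', $url)) {
                    $problems[] = "URL scheme in $name on <$tag>";
                }
            }
        }
    }
    return $problems;
}

// Constructed sample input for illustration.
$sample = '<p style="color:red" onclick="x()">Hi <a href="javascript:void(0)">a</a></p>'
        . '<script>x()</script><strong>ok</strong>';
print_r(findDisallowedHtml($sample));
```

Reject the submission when the returned list is non-empty; an allowlist of tags and attributes catches markup a blocklist of `script` and `style` alone would miss.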
Have a look at the JavaScript strip_tags function mentioned here: TinyMCE Paste As Plain Text. You need to apply this before you send the code to the server.
- Just like your server side should be validating your regular input controls that could be accepting text that is attempting a SQL injection, you need to validate on the server that text seemingly from TinyMCE doesn't have malicious scripts. You can't trust client-side code as it's trivial to bypass validations, and special characters and tags won't get automatically escaped or stripped by TinyMCE. – csrowell, commented Nov 1, 2023 at 18:51
- That is correct - server side measures should be in place too, but strip_tags is one way to make it more difficult. – Thariama, commented Nov 3, 2023 at 8:22
- Won’t strip_tags get rid of the standard HTML tags the OP wants to keep? – csrowell, commented Nov 3, 2023 at 13:35
- Not necessarily, the second parameter of strip_tags allows to insert allowed tags that do not get stripped. – Thariama, commented Nov 6, 2023 at 15:12