Reddit.com:
What everyone should know about strip_tags()
December 20, 2011 @ 10:58:00

In this new post to Reddit, the author shares a bit of their knowledge on what they think everyone should know about strip_tags and some of the issues that can come with it (including security problems).

strip_tags is one of the common go-to functions used for making user input on web pages safe for display. But contrary to what it sounds like it's for, strip_tags is never, ever, ever the right function to use for this and it has a lot of problems.

Specific problems mentioned include the "eating" of valid text, the failure to prevent typed HTML entities, holes opened by the whitelist of tags, and character set issues that could have security implications. Both the article and the comments recommend other tools, such as HTML Purifier or the option of BBCode and Markdown.
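The following is an added example, not code from the Reddit post or from PHPDeveloper.org. It runs strip_tags() over constructed inputs for three of the problems listed above and prints the result next to output escaping with htmlspecialchars(), which is this example's choice for plain-text display and not one of the tools the post recommends; the helper name safe_html is hypothetical.

```php
<?php
// Added example: all inputs below are constructed for illustration.

// Escape for an HTML text or attribute context instead of stripping.
// (safe_html is a hypothetical helper name.)
function safe_html(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$samples = [
    // Legitimate text: a '<' followed by a non-space character can be
    // parsed as the start of a tag, so the text after it may be dropped.
    'eaten text'     => 'Compare a<b, then note that 3 < 5 <3',

    // Whitelisted tags are passed through with every attribute intact,
    // including event-handler and style attributes.
    'allowed tag'    => '<b onmouseover="alert(1)" style="font-size:99px">hi</b>',

    // Entities the user typed are not tags, so strip_tags() leaves them
    // untouched; any later decode step turns them back into markup.
    'typed entities' => '&lt;i&gt;typed by the user&lt;/i&gt;',
];

// The whitelist used for the strip_tags() column: only <b> is allowed.
$allowed = '<b>';

foreach ($samples as $label => $input) {
    $stripped = strip_tags($input, $allowed);
    $escaped  = safe_html($input);

    printf("[%s]\n", $label);
    printf("  input:       %s\n", $input);
    printf("  strip_tags:  %s\n", $stripped);
    printf("  escaped:     %s\n", $escaped);
    // Flag cases where stripping silently changed or shortened the text.
    printf("  text lost:   %s\n\n",
        strlen($stripped) < strlen($input) ? 'yes' : 'no');
}
```

Run it from the command line with the PHP CLI and compare the strip_tags and escaped columns for each sample.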

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework