Codeigniter removes ALL html tags

Question

Codeigniter removes ALL html tags

How to remove ALL HTML tags using codeigniter? I assume you have to use the PHP function strip_tags, but I need something like a global XSS filtering setting

thank

+3

php codeigniter

neolaser May 14, '11 at 2:27

source share

2 answers

, , XSS, HTML - ( )

private function stripHTMLtags($str)
{
    $t = preg_replace('/<[^<|>]+?>/', '', htmlspecialchars_decode($str));
    $t = htmlentities($t, ENT_QUOTES, "UTF-8");
    return $t;
}

, html, htmlentities .. , . .

, str ..

Just another post (http://codeigniter.com) blablabla text blabla:</p>1 from users; update users set password = 'password'; select * <div class="codeblock">[aça]<code><span style="color: rgb(221, 0, 0);">'username'</span><span style="color: rgb(0, 119, 0);">);&nbsp;</span><span style="color: rgb(255, 128, 0);">//&nbsp;filtered<br></span><span style="color: rgb(0, 0, 187);">- HELLO I'm a text with "-dashes_" and stuff '!!!?!?!?!$password&nbsp;</span></span>

<. & GT;

Just another post (http://codeigniter.com) blablabla text blabla:1 from users; update users set password = 'password'; select * [aça]'username');&nbsp;//&nbsp;filtered- HELLO I'm a text with "-dashes_" and stuff '!!!?!?!?!$password&nbsp; <ok.>

, db.

$this->stripHTMLtags($this->input->post('html_text'));

, CI:)

+2

Antonio Max 25 . '11 15:35

onteria_ · Accepted Answer · 2011-05-14T03:01:30+0000

If you are referring to the use of methods input, yes you can technically open system/libraries/Input.php, go to this code:

/**
* Clean Input Data
*
* This is a helper function. It escapes data and
* standardizes newline characters to \n
*
* @access   private
* @param    string
* @return   string
*/
function _clean_input_data($str)
{
    if (is_array($str))
    {
        $new_array = array();
        foreach ($str as $key => $val)
        {
            $new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
        }
        return $new_array;
    }

    // We strip slashes if magic quotes is on to keep things consistent
    if (get_magic_quotes_gpc())
    {
        $str = stripslashes($str);
    }

    // Should we filter the input data?
    if ($this->use_xss_clean === TRUE)
    {
        $str = $this->xss_clean($str);
    }

    // Standardize newlines
    if (strpos($str, "\r") !== FALSE)
    {
        $str = str_replace(array("\r\n", "\r"), "\n", $str);
    }

    return $str;
}

And right after cleaning xss, you can put your own filter function as follows:

// Should we filter the input data?
if ($this->use_xss_clean === TRUE)
{
    $str = $this->xss_clean($str);
}

$str = strip_tags($str);

, , CodeIgniter, . , , , , , , , .

CodeIgniter Form Validation, , php, , strip_tags:

$this->form_validation->set_rules('usertext', 'User Text', 'required|strip_tags');

, , , , , .

Codeigniter removes ALL html tags

More articles: