0

I'm using Tinymce on my blog writing, but there seems to be a problem when using htmlspecialchars with PHP. All my

tags etc, shows up, and i want the styling of the P tag. Is there any way i can fix this? if i remote htmlspecialchars the site will be open for XSS etc, cause of javascript.

Dose anyone have a similar problem? and know how i can fix this? maybe remove some TinyMCE valdiation stuff or something?

Improve this question

2 Answers 2

Reset to default
2

I use also TiniMCE. I use nothing but the below codes, which helps me.

$allowedTags='<p><strong><em><u><h1><h2><h3><h4><h5><h6><img>';
$allowedTags.='<li><ol><ul><span><div><br><ins><del>';  
$new_msg = strip_tags(stripslashes($_POST['msg']), $allowedTags);// Posted data from tiniMCE text area

Try this above. This is save from XSS or other attack

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

If you allow user to use TinyMCE , then you must remove all style of HTML tag and script . Then save direct to database , don't need to use htmlspecialchars.

If only a you can post then you don't need sanitize anything .

Improve this answer

6 Comments

Removing all tags and script? ok, please tell me more about this. First, you don't need a script tag for running javascript code. Also, if i remove all html tags, whats then the point of using tinymce?
You remove style like this : style="font-size:13px"
and this would help why? as i said, whats the point of using tinymce then?
If you allow user post a page. It is complicate matter , User can style for HTML tag then they will can break your website layout .Or you must code allow valid style as color , font-size but you still must remove other style as height, width. You can use TinyMCE's BBcode plugin like as forums to allow user style their post.
You can't use htmlspecialchars if you sanitize data. And you is person type that make me annoy most in world. Easy to insult everyone.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.