I was using the php strip_tags() function to remove html tags from my text area input and to remove < script > tags to help guard against scripting attacks.Anyway, often times the user is going to need to input XML tags that are not known in advance. However, my strip_tags function is removing these benign xml tags as well, which is not acceptable.Also, I'll sometimes put filename.< date>.png (had to add a space there because StackOverflow removed it as well lol) to indicate variable parts of a file name or path. In this case what I end up with is filename..png after strip_tags is run.Any help would be greatly appreciated.
How do I get PHP strip_tags to remove HTML and Script tags but not XML?
- Thread starter gembels
- Start date