0

How to check if the string contains any tags <>. I need to sanitize my string from xss attacks or attacks like that. I am looking for a function which can santize my string in javascript and php.

This is what I have for java script , please let me know if this is correct ?

function parseThisString(strcode) { 
    var scripts = new Array();         
    while(strcode.indexOf("<") > -1 || strcode.indexOf("</") > -1) { 
        var s = strcode.indexOf("<");
        var s_e = strcode.indexOf(">", s);
        var e = strcode.indexOf("</", s);
        var e_e = strcode.indexOf(">", e);
        scripts.push(strcode.substring(s_e+1, e)); 
        strcode = strcode.substring(0, s) + strcode.substring(e_e+1); 
    }
    if (scripts.length >  0) { return 1; } else { return 0; }
}

Can you guys show me any solid string sanitizing function in php ? I found this answer but I didt know how to transilate this function to a single return with 0 or 1 (yes or no) . What is the correct way to detect whether string inputs contain HTML or not?

Please help me here . Thanks.

Improve this question
2
  • By sanitising, do you want to make the HTML "safe" so that you can output it onto the page, do you want to remove all HTML tags, or do you want a binary "yes/no" for whether a string contains HTML tags? Commented Jan 25, 2014 at 18:54
  • yes , HTML "safe", so that I can output links and all. Commented Jan 26, 2014 at 3:36

1 Answer 1

Reset to default
3

You can escape any html tags using htmlspecialchars().

$string = htmlspecialchar($old_string);

You can remove all html tags from string using strip_tags().

$string = strip_tags($old_string);

But if you wanna know if there's html tags in the string, you can use this function, combinated with strip_tags().

function hasHTML($string) {
    if ($string != strip_tags($string))
        return true;
    else 
        return false;
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I have used strip_tags(). ya I will check if the string != strip_tags($string)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.