
CMS Preventing Bad HTML Insertion by Client?

Developer https://www.devze.com 2022-12-24 16:16 Source: Internet

I'm building a small CMS in PHP for a client and something I've noticed that comes up fairly often is a client will enter a bit of HTML in a field without closing his/her tag. I'm wondering if there is some parsing technique to prevent bad HTML from rendering my whole output page in italics because the user forgot to add a closing </i> tag.

I'm not worried about XSS or malicious HTML, just a forgotten tag here and there as it's the client who is managing the content.

Forgive me if this is a duplicate question, I did some searching, but could not find an appropriate answer.

-J


You may want to tidy the HTML input from the user so that the dirty HTML can be fixed. Check out the PHP5 Tidy extension to achieve this.

http://devzone.zend.com/article/761
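
The Tidy approach suggested above, as an added example that is not part of the original answer: each CMS field is repaired on its own with `show-body-only`, and tidy's diagnostics are returned so the admin page can tell the client what was fixed. The helper name `repair_fragment()` and the sample field values are assumptions made for illustration.

```php
<?php
// Added example, not from the original thread. repair_fragment() is a
// hypothetical helper; the sample field values below are constructed.

/**
 * Balance the tags in one CMS field so an unclosed element cannot leak
 * into the rest of the page.
 *
 * @return array{html: string, warnings: string[]}
 */
function repair_fragment(string $html): array
{
    if (!extension_loaded('tidy')) {
        throw new RuntimeException('The tidy extension is not loaded.');
    }

    $config = [
        'show-body-only' => true,  // emit only the fragment, no <html>/<head>/<body> wrapper
        'output-xhtml'   => true,  // always write explicit closing tags
        'wrap'           => 0,     // do not re-wrap long lines
        'force-output'   => true,  // still produce output if tidy reports errors
    ];

    $tidy = new tidy();
    $tidy->parseString($html, $config, 'utf8');
    $tidy->cleanRepair();

    // errorBuffer lists what tidy had to fix (such as a missing end tag);
    // showing it in the admin UI lets the client correct the source text.
    $lines = explode("\n", (string) $tidy->errorBuffer);
    $warnings = array_values(array_filter(array_map('trim', $lines)));

    return ['html' => trim(tidy_get_output($tidy)), 'warnings' => $warnings];
}

// Constructed sample input: three fields as a client might type them.
$fields = [
    'intro'  => 'Welcome to <i>our new site',
    'teaser' => '<b>Sale <i>this week</b> only',
    'footer' => '<p>Contact us</p>',
];

foreach ($fields as $name => $raw) {
    $result = repair_fragment($raw);
    printf("%s:\n  %s\n", $name, $result['html']);
    foreach ($result['warnings'] as $warning) {
        printf("  tidy: %s\n", $warning);
    }
}
```

Tidy repairs structure only; it does not strip script or event-handler markup, so it is not a sanitizer if anyone other than the trusted client can ever edit these fields.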


Why do you not use an IFRAME with the contents the user edited in another page?

That way only that page is 'at risk', and you can use a scrollable region too.

Just a thought ...
