Xss Injection Post on andreabaccega.com
<a href='http://www.example.com' onClick='javascript:alert("blabla");'>Click Me!</a>
<?php
/*
 * Allow only a couple of tags + strip slashes + remove any attribute
 * (the original comment was closed with "* /", which is not a valid
 * comment terminator and would make the file fail to parse)
 */
$almostSafeOutput = preg_replace(
    "/<([a-z][a-z0-9]*)[^>]*?(\/?)>/i",   // any opening tag, attributes and optional trailing slash
    '<$1$2>',                             // keep only the tag name (and the slash of a self-closing tag)
    stripslashes(
        strip_tags(
            $toStrip,
            '<p><a><b><i><em><u><ul><li><ol><span><div>'   // allow-list; everything else is dropped
        )
    )
);
<?php
// strip_tags alone: removes tags outside the allow-list but leaves attributes
// (including event handlers such as onClick) on the tags it keeps
strip_tags($toStrip, '<p><a><b><i><em><u><ul><li><ol><span><div>');
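The following is an added example, not part of the original gist, that wraps the three steps above in a function and runs it against the onClick payload shown at the top of the page plus two constructed inputs. The function name `almostSafeOutput` and the sample strings are assumptions made for this demonstration.

```php
<?php
// Added example (not from the original gist): the gist's sanitizer as a function,
// exercised against a few constructed inputs so the effect of each step is visible.

function almostSafeOutput(string $toStrip): string
{
    // Step 1: drop every tag that is not on the allow-list.
    // strip_tags removes the tag markup only; text between removed tags survives,
    // and attributes on allowed tags are left untouched at this point.
    $allowed  = '<p><a><b><i><em><u><ul><li><ol><span><div>';
    $stripped = strip_tags($toStrip, $allowed);

    // Step 2: undo backslash escaping (\" -> ", \' -> ').
    $unslashed = stripslashes($stripped);

    // Step 3: rewrite every remaining opening tag to its bare name, discarding all
    // attributes (onClick, href, style, ...). Closing tags such as </a> do not match
    // because the pattern requires a letter directly after '<'; a self-closing tag
    // keeps its trailing slash via the second capture group.
    return preg_replace('/<([a-z][a-z0-9]*)[^>]*?(\/?)>/i', '<$1$2>', $unslashed);
}

// Constructed inputs for the demo.
$inputs = [
    // the payload from the top of the gist: allowed tag carrying an event handler
    '<a href=\'http://www.example.com\' onClick=\'javascript:alert("blabla");\'>Click Me!</a>',
    // a disallowed tag next to an allowed tag with an event handler
    '<script>alert(1)</script><b onmouseover="alert(1)">bold</b>',
    // a self-closing allowed tag with an attribute
    '<div class="x"/>text',
];

foreach ($inputs as $input) {
    echo almostSafeOutput($input), PHP_EOL;
}
```

Running it shows the trade-off the gist makes: the `onClick` handler disappears because every attribute is removed, but so does `href`, so the surviving `<a>Click Me!</a>` is no longer a working link. Note also that `strip_tags` removes only the markup of a disallowed tag, so the text `alert(1)` from the `<script>` element is still emitted as plain text, which is harmless only as long as the output is rendered as HTML text and not re-interpreted later.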