Textarea (comment box) free of scripts [closed]

0

How do I make sure no one can enter a script in a comment box?

For now I have added htmlspecialchars() so that scripts cannot be easily entered but, of course, once the person in question finds out that HTML characters can be written, all they have to do is insert a script with those characters.

I thought about applying preg_replace() to the characters < and >, but then I realized that all the user has to do to get around that filter is take advantage of the link tag to put the script inside.

So, how do I make it so that the user cannot put a script in the comment box at all?

    
asked by Kakotas7 02.02.2018 at 08:33

1 answer

-2

Good morning, I suggest you take advantage of preg_replace() to replace characters like "http", "https", "://", ".com", ".net", including extensions such as "html", "php", etc., and replace them with a blank space "", so that they can never be inserted and those URLs will not be activated. An example:

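    // Sample comment text containing two URLs
    $text = " Helloooo try thiss http://www.google.com and www.youtube.com:D it works :)";
    // Wrap every http:// URL in an anchor tag
    $text = preg_replace('#http://[a-z0-9._/-]+#i', '<a href="$0">$0</a>', $text);
    // Do the same for bare www. hosts preceded by a space (dot escaped to match a literal ".")
    $regex = "#[ ]+(www\.([a-z0-9._-]+))#i";
    $text = preg_replace($regex," <a href='http://$1'>$1</a>",$text);
    echo $text;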
    
answered by 02.02.2018 / 08:50
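An added example, not part of the original question or answer: one way to render a comment so that everything the user typed is encoded with htmlspecialchars() at output time, and only http:// and https:// URLs are turned into links. The helper names `esc` and `render_comment` and the sample comments are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Escape a string for an HTML text node or a quoted attribute value.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: turn one stored comment into HTML at output time.
// The comment is stored exactly as typed; nothing it contains is trusted.
function render_comment(string $raw): string
{
    // Split into alternating parts: text, URL, text, URL, ...
    // Only http:// and https:// are recognised, so "javascript:" never becomes a link.
    $parts = preg_split('#(https?://[^\s<>"\']+)#i', $raw, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        return esc($raw); // regex failure: fall back to plain escaped text
    }
    $html = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 1) {
            // Odd indexes are the captured URLs; escape them for the attribute too.
            $url = esc($part);
            $html .= '<a href="' . $url . '" rel="nofollow noopener">' . $url . '</a>';
        } else {
            $html .= esc($part); // ordinary text: every <, >, &, " and ' is encoded
        }
    }
    return nl2br($html, false);
}

// Constructed sample comments, not taken from the original page.
$samples = [
    'Hello <script>alert(1)</script> world',
    '<a href="javascript:alert(1)">click me</a>',
    'Docs: https://example.com/?a=1&b=2 and "quotes" stay text',
];

foreach ($samples as $comment) {
    echo render_comment($comment), PHP_EOL;
}
```

Because the markup is built from separately escaped pieces, the only tags in the output are the `<a>` and `<br>` elements the function itself writes.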