By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,962 Members | 1,767 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,962 IT Pros & Developers. It's quick & easy.

Is it safe to allow HTML code inside PHP?

P: 26
is it safe to allow users using a html text editor? i got open source java script based HTML editor and i am using it to allow people to type their blog and forum?

is it safe?
Dec 6 '07 #1
Share this Question
Share on Google+
3 Replies


Markus
Expert 5K+
P: 6,050
If you use the proper precautions.

And it's probably safe to assume that because it's an open source editor, there'll be some safety features within it.

Couldn't say without looking at it.

And what does php have to do with it, if you're using javascript?
Dec 6 '07 #2

P: 26
thanks markus :)

actually, i am bit worried becuase people can upload HTML files in the editor and PHP script outputting the page. Like..

$text = <html content is stored in database>

and a PHP file like show.php echoing the $text.
Dec 6 '07 #3

Markus
Expert 5K+
P: 6,050
Well, if that's what you allow people to do, then there's nothing you can do to stop people.

They will be unable to do such things as mysql injection, though.
Dec 6 '07 #4

Post your reply

Sign in to post your reply or Sign up for a free account.