Revision as of 15:25, 15 December 2012 edit SierraAR (talk \| contribs) 1 edit Added suggestion to use PHP htmlspecialchars() ← Previous edit		Revision as of 23:26, 3 January 2013 edit undo Crazycomputers (talk \| contribs) Administrators 21,919 edits this does not prevent SQL injection at all Next edit →
Line 1: {{Orphan\|date=December 2009}} {{Refimprove\|date=December 2009}} '''HTML sanitization''' is the process of examining an HTML document and producing a new HTML document that preserves only whatever tags are designated "safe". HTML sanitization can be used to protect against [[cross-site scripting~~]] and [[SQL injection~~]] attacks by sanitizing any HTML code submitted by a user. Tags often allowed are <nowiki><b></nowiki>, <nowiki><i></nowiki>, <nowiki><u></nowiki>, <nowiki><em></nowiki>, and <nowiki><strong></nowiki>.

HTML sanitization: Difference between revisions