Undid revision 964546209 by ThesenatorO5-2 (talk) Claim not supported by citation. Looking at the actual function added (https://www.php.net/manual/en/function.htmlspecialchars.php), it doesn't seem to have anything to do with this article.
{{Refimprove|date=December 2009}}
'''HTML sanitization''' is the process of examining an [[HTML]] document and producing a new HTML document that preserves only whatever tags are designated "safe" and desired. HTML sanitization can be used to protect against attacks such as [[cross-site scripting|cross-site scripting (XSS)]].
Basic tags for changing fonts are often allowed, such as <code><b></code>, <code><i></code>, <code><u></code>, <code><em></code>, and <code><strong></code>, while more advanced tags such as <code><script></code>, <code><object></code>, <code><embed></code>, and <code><link></code> are removed by the sanitization process. Potentially dangerous attributes such as the <code>onclick</code> attribute are also removed in order to prevent malicious code from being injected.
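The allowlist approach described above can be sketched with Python's standard <code>html.parser</code> module. This is an added example, not code from the article or from any sanitization library; the names <code>AllowlistSanitizer</code>, <code>sanitize</code> and <code>SAMPLE</code>, and the choice to discard the contents of <code>script</code> and <code>object</code> elements, are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Allowlist: the basic formatting tags named above. All other tags are dropped.
ALLOWED_TAGS = {"b", "i", "u", "em", "strong"}
# Elements whose contents are discarded with the tag (a choice made for this example).
DROP_CONTENT = {"script", "object"}

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # sanitized output fragments
        self.open_tags = []  # allowed tags currently open, to keep output balanced
        self.skip_depth = 0  # > 0 while inside a DROP_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        elif tag in ALLOWED_TAGS and self.skip_depth == 0:
            # Re-emit the bare tag: onclick and every other attribute is removed.
            self.out.append(f"<{tag}>")
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in self.open_tags and self.skip_depth == 0:
            while self.open_tags:  # also close allowed tags left open inside
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if self.skip_depth == 0:
            self.out.append(escape(data, quote=False))  # text is re-escaped

def sanitize(html_text):
    parser = AllowlistSanitizer()
    parser.feed(html_text)
    parser.close()
    # Close any allowed tags the input left open.
    tail = "".join(f"</{t}>" for t in reversed(parser.open_tags))
    return "".join(parser.out) + tail

# Constructed sample input, not taken from the article.
SAMPLE = ('<b onclick="run()">bold</b> <script>run()</script>'
          '<link rel="stylesheet" href="x.css"><em>fine &lt;i&gt;<strong>open')
```

Because the output is rebuilt from parsed events rather than edited in place, anything the parser does not recognise as an allowed tag or as text never reaches the result.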