I’m using TinyMCE for my blog writing, but there seems to be a problem when using htmlspecialchars with PHP. All my tags etc. show up, and I want the styling of the P tag. Is there any way I can fix this? If I remove htmlspecialchars the site will be open to XSS etc., because of JavaScript.
Does anyone have a similar problem and know how I can fix this? Maybe remove some TinyMCE validation stuff or something?
…………………………………..
If you allow users to use TinyMCE, then you must remove all style of HTML tags and scripts. Then save directly to the database; no need to use htmlspecialchars.
If only you can post, then you don’t need to sanitize anything.
…………………………………..
I also use TinyMCE. I use nothing but the code below, which helps me.
$allowedTags='
';
$allowedTags.='
';
$new_msg = strip_tags(stripslashes($_POST['msg']), $allowedTags); // Posted data from TinyMCE text area
Try the above. This is safe from XSS or other attacks.
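An added example, not code from any poster in this thread: an allowlist filter that parses the posted TinyMCE HTML with PHP's DOM extension, keeps only listed tags and attributes, and restricts link schemes, since strip_tags() filters tag names but leaves the attributes on the tags it keeps. The tag and attribute lists, the function names and the sample input are assumptions.

```php
<?php
// Added example, not code from the thread; tag and attribute lists are assumptions.
const ALLOWED = ['p' => [], 'br' => [], 'strong' => [], 'em' => [], 'ul' => [], 'ol' => [],
    'li' => [], 'blockquote' => [], 'a' => ['href']];   // tag => attributes that may stay
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function clean_children(DOMNode $parent): void {
    foreach (iterator_to_array($parent->childNodes) as $node) {
        if ($node instanceof DOMText) continue;        // text is escaped again on output
        $tag = strtolower($node->nodeName);
        if (!($node instanceof DOMElement) || in_array($tag, DROP_WITH_CONTENT, true)) {
            $parent->removeChild($node);               // comments, <script> and similar
            continue;
        }
        clean_children($node);                         // sanitize descendants first
        if (!array_key_exists($tag, ALLOWED)) {        // unknown tag: unwrap, keep content
            while ($node->firstChild) {
                $parent->insertBefore($node->firstChild, $node);
            }
            $parent->removeChild($node);
            continue;
        }
        foreach (iterator_to_array($node->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            $ok = in_array($name, ALLOWED[$tag], true);
            if ($ok && $name === 'href') {             // http(s), mailto, site-relative, fragment
                $ok = preg_match('~^(https?://|mailto:|/|#)~i', trim($attr->nodeValue)) === 1;
            }
            if (!$ok) {
                $node->removeAttribute($attr->nodeName);
            }
        }
    }
}

function sanitize_html(string $html): string {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);                  // tolerate sloppy editor markup
    $doc->loadHTML('<html><head><meta http-equiv="Content-Type" content="text/html; '
        . 'charset=utf-8"></head><body>' . $html . '</body></html>');
    $body = $doc->getElementsByTagName('body')->item(0);
    clean_children($body);
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes)));
}

// Constructed sample input (not from the thread).
$posted = '<p style="color:red" onclick="alert(1)">Hello <b>world</b>'
        . '<script>alert(1)</script> <a href="javascript:alert(1)">link</a></p>';
echo sanitize_html($posted), "\n";
```

Store the sanitized string and print it as-is; running htmlspecialchars over it again would bring back the visible-tags problem from the question.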