I have a website with CKEditor. To prevent XSS attacks I used strip_tags, but the problem is that it also breaks the WYSIWYG editor (CKEditor).
Like, Stack Overflow is secure against XSS attacks BUT it does not block any tags.
How can I accomplish the same effect?
I want users to be able to share code.
PHP's strip_tags supports allowed tags. Example direct from the PHP docs site:
$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';
echo strip_tags($text);
echo "\n";
// Allow <p> and <a>
echo strip_tags($text, '<p><a>');
//output :
//Test paragraph. Other text
//<p>Test paragraph.</p> <a href="#fragment">Other text</a>
Maybe this can help.
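
An added example, not part of the original answer or of the PHP docs: strip_tags with an allow-list keeps the attributes on the tags it allows, so this sketch also filters attributes and link schemes by parsing the input as a DOM. The ALLOWED policy, the sanitize_html name and the sample input are assumptions made for illustration; a maintained sanitizer such as HTML Purifier is the usual choice in production.

```php
<?php
// Tag => attributes permitted on it (assumed policy for this example).
const ALLOWED = [
    'p' => [], 'br' => [], 'strong' => [], 'em' => [], 'ul' => [], 'ol' => [],
    'li' => [], 'pre' => [], 'code' => [], 'a' => ['href'],
];

// Hypothetical helper: parse as a DOM, keep allowlisted tags and attributes only.
function sanitize_html(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // user HTML is often malformed
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('div')->item(0);

    // Snapshot the node list: the tree is mutated while we walk it.
    $nodes = iterator_to_array((new DOMXPath($doc))->query('.//*', $root));
    foreach ($nodes as $el) {
        if (!array_key_exists($el->nodeName, ALLOWED)) {
            $el->parentNode->removeChild($el);   // drop the element and its content
            continue;
        }
        foreach (iterator_to_array($el->attributes) as $attr) {
            $ok = in_array($attr->nodeName, ALLOWED[$el->nodeName], true);
            // href must be an absolute http(s) URL or a same-page fragment
            if ($ok && $attr->nodeName === 'href') {
                $ok = preg_match('~^(https?://|#)~i', trim($attr->value)) === 1;
            }
            if (!$ok) {
                $el->removeAttributeNode($attr);
            }
        }
    }
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input, not taken from the original post.
$input = '<p onmouseover="alert(1)">Hi</p><a href="javascript:alert(1)">x</a>'
       . '<a href="https://example.com/">ok</a><script>alert(1)</script>';

echo strip_tags($input, '<p><a>'), "\n";   // attributes on <p> and <a> survive
echo sanitize_html($input), "\n";          // only allowlisted tags/attributes remain
```

Code that users share is best HTML-escaped on output (for example with htmlspecialchars) so it is displayed as text rather than interpreted as markup.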