Can I configure codeigniter to avoid all htmlentities?
Question
I have a huge codeigniter app, with lots of forms and fields. I need to avoid users to enter HTML code in any input. I know I can escape it which funcionts like strip_tags or escape it using htmlentites .
But I wonder if there is any way to do it globally, that remove or escapes the html code inserted in any of the inputs of the whole aplication.
1 answers
solution1
1 2016-05-31 00:23:12
I've modifiyed the function that retrieve results, filtering the html open and close tag. that is something like I want. to deny show html or javascript saved in the database.
public function array_htmlentities(&$row){
//return $row;
foreach($row as &$value){
if( is_array($value) || is_array($value) ){
$value = $this->array_htmlentities($value);
}elseif(is_string($value)){
$json = json_decode($value);
if( is_array($json) || is_array($json) ){
$value = json_encode($this->array_htmlentities($json));
}else
$value = str_replace(array('<','>'), array('<','>'), $value);
//$value = $value;
}else
$value = $value;
}
return $row;
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.