Is it safe to allow HTML code inside PHP?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • olddocks
    New Member
    • Nov 2007
    • 26
    #1

    Is it safe to allow HTML code inside PHP?

    is it safe to allow users using a html text editor? i got open source java script based HTML editor and i am using it to allow people to type their blog and forum?

    is it safe?
    Tags: None
    • Markus
      Recognized Expert Expert
      • Jun 2007
      • 6092
      #2
      If you use the proper precautions.

      And it's probably safe to assume that because it's an open source editor, there'll be some safety features within it.

      Couldn't say without looking at it.

      And what does php have to do with it, if you're using javascript?

        Comment

        • olddocks
          New Member
          • Nov 2007
          • 26
          #3
          thanks markus :)

          actually, i am bit worried becuase people can upload HTML files in the editor and PHP script outputting the page. Like..

          $text = <html content is stored in database>

          and a PHP file like show.php echoing the $text.

            Comment

            • Markus
              Recognized Expert Expert
              • Jun 2007
              • 6092
              #4
              Well, if that's what you allow people to do, then there's nothing you can do to stop people.

              They will be unable to do such things as mysql injection, though.

                Comment

                Previous template Next
                Working...