What are the differences between the built-in php method htmlspecialchars() and htmlpurifier library?
- @Downvoter Sir/Madam, may I please ask what I did wrong, so that I can rectify my mistake... – Raja Jun 14 '17 at 21:42
- There's really not much sense fretting over individual downvotes. That said, they may have been frustrated by the fact that you didn't do much digging into the documentation of the two functions - the differences are pretty clear if you read more than a minute or two. – ceejayoz Jun 14 '17 at 23:41
- @ceejayoz Thank you for informing me of the reason behind the downvote. Actually, I did search for more than 2 hours before posting this question. My experience is far less than anyone else's in this community, so the things that you guys can make out just by looking at it for a "minute or two" require me an entire day. Even then I fail to find something suitable. Sorry for my ignorance and bad English; it is not my native language. – Raja Jun 15 '17 at 13:43
1 Answer
If you just want to stop any HTML from being used, use htmlspecialchars or htmlentities.
HTML Purifier is intended to let you allow some HTML, with quite a few options - for example, you can allow video embeds only from YouTube, or allow only certain CSS classes on certain HTML tags. Handy if you're building a CMS or something where you want to allow people to use HTML but not permit malicious use.
It can also make HTML fixes, like adding default alt tags to images, cleanup of invalid or unnecessary code, etc.
Peruse the available configuration options for an idea of what's possible.

ceejayoz
- You forgot to mention, `htmlspecialchars` converts things like `>` and `<` to `&gt;` and `&lt;` – Jun 14 '17 at 21:38
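To make the two approaches concrete, here is an added PHP example; it is not part of the original answer, nor code from the HTML Purifier project. It assumes PHP 8 on the CLI and that HTML Purifier was installed with Composer (`ezyang/htmlpurifier`); the input string is constructed for the demo, and `escapeForHtml`, `purifyAllowlisted`, the allowlist and the iframe pattern are choices made for this example, not defaults of either library.

```php
<?php
declare(strict_types=1);

// Added example (not from the original answer). The input is constructed to
// look like a typical stored-XSS payload: an event handler, a javascript: URL,
// an onerror handler and a script element mixed into harmless markup.
const UNTRUSTED = '<p>Hi <b>there</b></p>'
    . '<a href="javascript:alert(1)" onclick="steal()">click</a>'
    . '<img src="x.png" onerror="alert(1)">'
    . '<script>alert(document.cookie)</script>';

// Option 1: htmlspecialchars. Every tag becomes inert text; nothing is rendered
// as HTML. ENT_QUOTES escapes single quotes as well (before PHP 8.1 the default
// was ENT_COMPAT, which leaves ' untouched); ENT_SUBSTITUTE keeps invalid UTF-8
// from turning the result into an empty string; the charset is named explicitly.
function escapeForHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Why ENT_QUOTES matters: a value placed inside a single-quoted attribute can
// break out of it when the escaping flags leave ' alone.
function singleQuoteAttribute(string $value, int $flags): string
{
    return "<input value='" . htmlspecialchars($value, $flags, 'UTF-8') . "'>";
}

// Option 2: HTML Purifier. Markup on the allowlist is kept; unknown tags,
// event-handler attributes and disallowed URL schemes are removed.
// Assumes `composer require ezyang/htmlpurifier` and vendor/autoload.php loaded.
function purifyAllowlisted(string $html): string
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    // Tags and attributes a user may use; anything not listed is dropped.
    $config->set('HTML.Allowed', 'p,b,i,a[href],img[src|alt],iframe[src|width|height]');
    // Only these schemes survive in href/src; javascript: is not among them.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    // Iframes are allowed only when src matches this pattern (the "YouTube
    // embeds only" case from the answer). The pattern is this example's choice.
    $config->set('HTML.SafeIframe', true);
    $config->set('URI.SafeIframeRegexp', '%^https://www\.youtube(?:-nocookie)?\.com/embed/%');
    return (new HTMLPurifier($config))->purify($html);
}

// Run the demonstration only when executed directly, not when included.
if (PHP_SAPI === 'cli' && realpath($argv[0]) === __FILE__) {
    echo "--- htmlspecialchars: all markup becomes text ---\n";
    echo escapeForHtml(UNTRUSTED), "\n\n";

    $payload = "x' onmouseover='alert(1)";
    echo "--- ENT_COMPAT (pre-8.1 default) vs ENT_QUOTES ---\n";
    echo singleQuoteAttribute($payload, ENT_COMPAT), "\n"; // ' survives: attribute breakout
    echo singleQuoteAttribute($payload, ENT_QUOTES), "\n"; // ' is encoded: stays inside the value

    $autoload = __DIR__ . '/vendor/autoload.php';
    if (!is_file($autoload)) {
        fwrite(STDERR, "HTML Purifier not installed; run: composer require ezyang/htmlpurifier\n");
        exit(1);
    }
    require $autoload;

    echo "\n--- HTML Purifier: allowlisted markup kept, the rest stripped ---\n";
    echo purifyAllowlisted(UNTRUSTED), "\n";
    // VIDEO_ID is a placeholder; evil.example is a reserved example domain.
    echo purifyAllowlisted('<iframe src="https://www.youtube.com/embed/VIDEO_ID"></iframe>'
        . '<iframe src="https://evil.example/"></iframe>'), "\n";
}
```

Two caveats a practitioner should keep in mind: `htmlspecialchars` is correct only for HTML text content and quoted attribute values. A user-controlled value written into an `href`, into inline JavaScript or into CSS needs context-specific handling (scheme allowlisting, JSON encoding, CSS escaping) that `htmlspecialchars` does not provide. And HTML Purifier's safety comes from its allowlist; widening `HTML.Allowed` or `URI.AllowedSchemes` to satisfy a feature request is where most Purifier deployments go wrong, so review every addition to those directives.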