Questions tagged [sanitize]

Whitelist-based Ruby HTML and CSS sanitizer.

Sanitize is a whitelist-based HTML and CSS sanitizer. Given a list of acceptable elements, attributes, and CSS properties, Sanitize will remove all unacceptable HTML and/or CSS from a string.

Using a simple configuration syntax, you can tell Sanitize to allow certain HTML elements, certain attributes within those elements, and even certain URL protocols within attributes that contain URLs. You can also whitelist CSS properties, @-rules, and URL protocols you wish to allow in elements or attributes containing CSS. Any HTML or CSS that you don't explicitly allow will be removed.

Sanitize is based on Google's Gumbo HTML5 parser, which parses HTML exactly the same way modern browsers do, and Crass, which parses CSS exactly the same way modern browsers do. As long as your whitelist config only allows safe markup and CSS, even the most malformed or malicious input will be transformed into safe output.

411 questions

clean/sanitize HTML, but preserve loses HTML chars with Ruby/Rails + Nokogiri + Sanitize (?)

We were using a combination of the Sanitize gem and HTMLEntities to do some clean up of user input HTML. The Sanitize gem used Hpricot, but now uses Nokogiri. I need to get Hpricot out of the app. Here are two test strings, each followed by the…
whatbird

Sanitize input with FILTER_SANITIZE_STRING

I'm getting mad writing some code to sanitize the data that comes from a form. In the form I have an input field named "sender_countryCode" that can only contain 2 or 3 text characters, like USA, FR, EN, ... The following code should block…
Nicolaesse

PHP safe output

When outputting user input I use this function: function bbkoda($text) { $text = htmlspecialchars($text); $text = nl2br($text); $hitta = array( "'\[b](.*?)\[/b]'is", "'\[i](.*?)\[/i]'is" ); $byt = array( …
Remy Aquila

Properly escaping fields and query settings when using PDO

Possible Duplicate: How do I use PDO's prepared statement for order by and limit clauses? I'm using PDO as it has been recommended as the way to go when it comes to PHP database connections. But at the same time I am obsessed with securing my…
kingmaple

Sanitize::html with accents CakePHP2.0

I was using this to save my data into the database: $this->request->data['Post']['body'] = utf8_decode($this->request->data['Post']['body']); Like that, I could save into my DB some "special" characters like the ones with accents: áéíóú without any…
Alvaro

In PHP we have sanitize to ensure a String is safe. What is the similar thing for Java?

In PHP we have sanitize to ensure a String is safe. What is the similar thing for Java? I know PreparedStatement, but it will not help me in my project. Is there something that checks that only letters are in the String? query = "SELECT …

When is sanitizerBypassSecurityUrl necessary?

I have an ionic app in which I preview images in base64 using [src]="sanitizer.bypassSecurityTrustUrl(myBase64Photo). It is necessary there to preview because I had a warning, but I'm not sure if it is necessary after the image is stored in firebase and…

Sanitize function too sanitary?

I'm working on a webapp that sanitizes models for the view. However, it is stripping too many wanted characters, like forward slashes, semi-colons, colons, dollar signs, quote marks and accented letters from foreign languages. e.g. 3/8"W becomes…
Kirk Ross

How to save HTML META and JavaScript in Database using PHP?

It is not a duplicate post, since I escape the form using htmlspecialchars() to clean the submitted form and the active records from CodeIgniter are escaping all the quotes. The error is not one from the database; it is a block from the server when I try…
xttrust

How to protect PHP application from CRLF attack?

I am using Acunetix to scan my PHP application for security issues. After all scans, I get a medium alert related to a CRLF vulnerability. But I don't know how I can fix this issue. I created a function to remove all possible codes for injections but…
Mohammad Saberi

Does the YouTube Data API sanitize results?

I used the YouTube Data API a bit. My page does display user input from Google's servers, e.g. video title. Would you be able to get an XSS by putting code on YouTube and calling it back on my domain?

Securely post textarea content in PHP

I am using PHP with MySQLi(improved), I just want to know how to securely insert textarea content. My textarea content is using a text editor which has bold, italic, underline and bullet options. What I want now is when the content is inserted it…
Syed Naveed

Apostrophes show up as symbols when entering data in PHP

Say I enter a comment from a form with this term, e.g. "john's cookhouse". It will show up as "john's cookhouse". I am sanitizing the input going in and coming out with the following escape function. function escape($string) { return…
thatoneguy

mysql_real_escape_string not echoing variable

I'm trying to sanitize a variable and am having an issue. This code outputs the echo correctly: $to_raw = $_POST['to'] ; echo $to_raw; But this returns nothing: $to_raw = mysql_real_escape_string($_POST['to']) ; echo $to_raw; Am I missing…
Milksnake12

I can't get this to work, php sanitize filters

Can someone tell me what I am doing wrong? I am trying to sanitize and validate form user input with the PHP filters. This input is going to go to a MySQL database and then to an HTML page output, so I need to remove all HTML tags and also provide…