It's a safe practice NOT to open your doors to strangers, and the same caution tells us to sanitize input to your website. When I have an input text area on a web page, HTML Purifier is the minimum to guard text input, and this is how I set it up.
Download HTML Purifier from http://htmlpurifier.org, unzip it and note its location. The basic code for a standalone HTML Purifier setup is:
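// Load the standalone build from the location noted above.
require_once '../../htmlpurifier-4.4.0-standalone/HTMLPurifier.standalone.php';

// Create a purifier with the library's default configuration.
$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);

// Purify the submitted post body and write the cleaned HTML back to the
// request data, so that everything after this point sees only the clean value.
$clean_html = $purifier->purify($this->request->data['Post']['body']);
$this->request->data['Post']['body'] = $clean_html;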
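The default configuration accepts a fairly wide set of HTML, so a text area that only needs basic formatting can be restricted to an explicit allowlist. The following is an added example, not code from the original post; the helper name `build_post_purifier`, the choice of allowed tags and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. The path is the one used in the
// post; adjust it to wherever you unzipped the standalone download.
require_once '../../htmlpurifier-4.4.0-standalone/HTMLPurifier.standalone.php';

/**
 * Build a purifier restricted to basic formatting (hypothetical helper).
 */
function build_post_purifier()
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');

    // Allowlist: only these elements and attributes survive purification.
    $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,blockquote,a[href]');

    // Links may only use these URI schemes; other schemes are dropped.
    $config->set('URI.AllowedSchemes', array(
        'http'   => true,
        'https'  => true,
        'mailto' => true,
    ));

    // Add rel="nofollow" to user-supplied links.
    $config->set('HTML.Nofollow', true);

    // Disable the definition cache so the demo needs no writable directory.
    // In production, point Cache.SerializerPath at a writable path instead.
    $config->set('Cache.DefinitionImpl', null);

    return new HTMLPurifier($config);
}

$purifier = build_post_purifier();

// Constructed sample inputs, in the style of a sanitizer regression test.
$samples = array(
    'formatting'  => '<p>Hello <strong>world</strong></p>',
    'script tag'  => '<p>Hi</p><script>alert(1)</script>',
    'bad scheme'  => '<a href="javascript:alert(1)">link</a>',
    'event attr'  => '<p onclick="x()">text</p><img src="x.png">',
    'normal link' => '<a href="https://example.com/">ok</a>',
);

foreach ($samples as $label => $dirty) {
    printf("%-12s %s\n", $label . ':', $purifier->purify($dirty));
}
```

Run it from the command line to compare each input with its purified output before wiring the same configuration into the form handler.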