On Wednesday, 28 June 2017 at 18:51:41 UTC, Vladimir Panteleev wrote:
On Wednesday, 28 June 2017 at 18:08:12 UTC, aberba wrote:
I wanted strip_tags() for sanitization

Careful. If you don't implement this correctly (and it may be surprisingly difficult to), you may expose your site to XSS attacks.

Instead of stripping tags, you may want to encode HTML entities ('<' -> "&lt;" etc.)

        auto regex = ctRegex!(`</?(\w*)>`);

This will not capture <script src="...">.


I'm already using prepared statements thoroughly. strip_tags() has its own uses besides making it safe for db storage.
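To make the point in the exchange above concrete, here is an added example (not code from either poster) that runs the quoted regex next to an entity encoder; the sample input, the function names and the use of `std.regex` and `std.array` are my assumptions.

```d
// Added example, not from the thread: the quoted regex only matches bare tags
// such as <b> or </p>, so a tag that carries an attribute is left untouched.
// Encoding entities instead neutralises every '<' regardless of what follows it.
import std.algorithm.searching : canFind;
import std.array : appender;
import std.regex : ctRegex, replaceAll;
import std.stdio : writeln;

// The regex from the thread, compiled at compile time.
enum tagRe = ctRegex!(`</?(\w*)>`);

// Naive tag stripping: removes whatever the regex matches and nothing else.
string stripTagsNaive(string input)
{
    return replaceAll(input, tagRe, "");
}

// Entity encoding for text and attribute context: the five characters that
// can change how a browser parses the surrounding markup.
string encodeEntities(string input)
{
    auto sink = appender!string();
    foreach (dchar c; input)
    {
        switch (c)
        {
            case '<':  sink.put("&lt;");   break;
            case '>':  sink.put("&gt;");   break;
            case '&':  sink.put("&amp;");  break;
            case '"':  sink.put("&quot;"); break;
            case '\'': sink.put("&#39;");  break;
            default:   sink.put(c);
        }
    }
    return sink.data;
}

void main()
{
    // Constructed sample: one bare tag pair and one tag with an attribute.
    string sample = `hello <b>world</b> <script src="x.js"></script>`;

    // The bare tags and the closing </script> are removed, but the opening
    // tag still contains a space after the tag name, so the regex never
    // matches it and it reaches the output unchanged.
    string stripped = stripTagsNaive(sample);
    assert(stripped.canFind(`<script src=`));
    writeln(stripped);

    // After encoding, no '<' remains, so nothing can be parsed as a tag.
    string encoded = encodeEntities(sample);
    assert(!encoded.canFind('<'));
    writeln(encoded);
}
```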
