Hi there!

I'm building a form validator using PHP and JS. It's working fine for now, but I want to make a little improvement. Here is how it's working now:

  1. The user fills in the form. Every time he leaves a field, the JS
     code matches the value against a regexp to validate it.
  2. When the user submits the form, the PHP script matches all the
     values against the same regexps.

Now, I want to validate my fields to prevent XSS, allowing my HTML tags but only the attributes that I want.
I thought of something like this (the tags and the valid attributes):
<?php
$form_html_validation = array(
       "p"=>array(""),
       "a"=>array("href","name","rel"),
       "ol"=>array(""),
       "ul"=>array(""),
       "li"=>array(""),
       "h2"=>array(""),
       "h3"=>array(""),
       "h4"=>array(""),
       "h5"=>array(""),
       "h6"=>array(""),
       "strong"=>array(""),
       "em"=>array("")
);
$valid_elements = "<".join("><",array_keys($form_html_validation)).">";
$userInput = strip_tags($userInput,$valid_elements);
//perform DOM Attribute Validation
?>
But I don't know how to loop over every attribute for each tag in the DOM tree.

Does anyone have any ideas?

Thank You

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
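
One way to do the attribute loop asked about above, as an added example that is not part of the original post: after strip_tags(), parse the remaining markup with DOMDocument and remove every attribute that is not allowlisted for its tag. The function name sanitize_html, the $allowed array shape and the sample input are assumptions, and the href scheme check goes beyond the attribute loop itself.

```php
<?php
// Added example. Tag => permitted attributes, mirroring the array in the post.
$allowed = [
    'p' => [], 'a' => ['href', 'name', 'rel'], 'ol' => [], 'ul' => [], 'li' => [],
    'h2' => [], 'h3' => [], 'h4' => [], 'h5' => [], 'h6' => [], 'strong' => [], 'em' => [],
];

// Hypothetical helper: returns $html with only allowlisted tags and attributes.
function sanitize_html(string $html, array $allowed): string
{
    // Pass 1: drop every tag that is not on the allowlist.
    $html = strip_tags($html, '<' . implode('><', array_keys($allowed)) . '>');
    // Pass 2: parse what is left. <div> is not allowlisted, so after pass 1
    // the first <div> in the document is always our own wrapper.
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // user HTML is rarely well-formed
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $wrap = $doc->getElementsByTagName('div')->item(0);

    // Snapshot the live node lists before modifying them.
    foreach (iterator_to_array($wrap->getElementsByTagName('*')) as $el) {
        $ok = $allowed[strtolower($el->nodeName)] ?? [];
        foreach (iterator_to_array($el->attributes) as $attr) {
            if (!in_array(strtolower($attr->nodeName), $ok, true)) {
                $el->removeAttributeNode($attr);
            }
        }
        // An allowed href can still carry script: keep only http(s)/mailto or
        // scheme-less URLs. Strip control chars/whitespace before checking.
        if ($el->hasAttribute('href')) {
            $url = preg_replace('/[\x00-\x20]+/', '', $el->getAttribute('href'));
            if (preg_match('/^([^\/?#:]*):/', $url, $m)
                && !in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true)) {
                $el->removeAttribute('href');
            }
        }
    }
    $out = '';
    foreach ($wrap->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input.
$in = '<p onclick="x()">Hi <a href="https://example.com/" target="_blank">ok</a> <a href="javascript:void(0)" name="n">bad</a></p>';
echo sanitize_html($in, $allowed), "\n";
```

The same allowlist has to be enforced on the PHP side even when the JS check passes, since client-side validation can be bypassed.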
