jovialcore · December 14, 2022 09:53
diff --git a/fix-xss.php b/fix-xss.php
 <?php

 //Using php, Native approaches involve like htmlspecialchars() to escape special characters in the user input.
 $Userdata;

 $sanitized = htmlspecialchars($Userdata);
 // output 
 echo " <p> Your data is:" . $sanitized . " </p>";


 //CSP  (Content security policy) function, By using CSP Header with PHP
 header("Content-Security-Policy: default-src 'self'");


        /** HTML Purifier library Approach **/

 //require the  HTML Purifier library
 require_once '/path/to/htmlpurifier/library/HTMLPurifier.auto.php';

 // instantiate 
 $config = HTMLPurifier_Config::createDefault();
 $purifier = new HTMLPurifier($config);

 // get user inputed data
 $user_data = "<p>This is some <strong>dirty</strong> HTML.</p>";

 // clean HTML input using HTML Purifier
 $purified = $purifier->purify($user_data);

 // print cleaned HTML
 echo $purified;
	<?php

	//Using php, Native approaches involve like htmlspecialchars() to escape special characters in the user input.
	$Userdata;

	$sanitized = htmlspecialchars($Userdata);
	// output
	echo " <p> Your data is:" . $sanitized . " </p>";


	//CSP (Content security policy) function, By using CSP Header with PHP
	header("Content-Security-Policy: default-src 'self'");


	/ HTML Purifier library Approach /

	//require the HTML Purifier library
	require_once '/path/to/htmlpurifier/library/HTMLPurifier.auto.php';

	// instantiate
	$config = HTMLPurifier_Config::createDefault();
	$purifier = new HTMLPurifier($config);

	// get user inputed data
	$user_data = "<p>This is some <strong>dirty</strong> HTML.</p>";

	// clean HTML input using HTML Purifier
	$purified = $purifier->purify($user_data);

	// print cleaned HTML
	echo $purified;