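/**
 * Mitigates basic XSS by HTML-encoding untrusted text for output in an
 * HTML body or quoted-attribute context.
 *
 * The input is trimmed; every character that has an HTML 4.01 named entity
 * (including <, >, &, " and ') is replaced by that entity; invalid UTF-8
 * sequences are replaced with U+FFFD instead of being silently dropped; and
 * '#' and '%' are written as the numeric entities &#35; and &#37; so that
 * entity- or URL-encoded payloads (e.g. "&#60;", "%3C") cannot be revived by a
 * later decode in the consumer. When $length is a positive integer the encoded
 * result is truncated to at most that many characters (code points, not bytes)
 * and a partially cut entity at the end is dropped.
 *
 * This is an HTML-context escaper only: it does not make a value safe inside a
 * <script> block, a javascript: URL, a CSS value or an unquoted attribute.
 *
 * @param string|null $string Untrusted text; null is treated as ''.
 * @param int|null    $length Maximum length of the encoded output; null or 0 means no limit.
 * @return string HTML-encoded text.
 */
function transform_html($string, $length = null): string
{
    // Remove leading/trailing whitespace.
    $string = trim((string) $string);

    // ENT_QUOTES: ENT_NOQUOTES would leave " and ' untouched, which lets a value
    // break out of an attribute. ENT_SUBSTITUTE: invalid UTF-8 becomes U+FFFD rather
    // than htmlentities() returning '' (and rather than utf8_decode(), deprecated in
    // PHP 8.2, which turns every non-Latin-1 character into '?'). The charset is
    // passed explicitly so the result does not depend on default_charset.
    $string = htmlentities($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // After htmlentities() every '&' starts an entity, so the only "&#" in the string
    // is the "&#039;" it emits for a single quote; the lookbehind keeps that entity
    // intact while every other '#' becomes &#35;. '%' is then written as &#37;; the
    // '#' this introduces is not re-processed.
    $string = (string) preg_replace('/(?<!&)#/', '&#35;', $string);
    $string = str_replace('%', '&#37;', $string);

    $length = (int) $length;
    if ($length > 0) {
        // Cut by code point so a multibyte character is never split, then drop a
        // trailing partial entity ("&am") the cut may have produced: since every
        // '&' starts an entity, an unterminated "&..." at the end can only be a
        // truncated one.
        $string = mb_substr($string, 0, $length, 'UTF-8');
        $string = (string) preg_replace('/&[^;&]*$/', '', $string);
    }

    return $string;
}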
/*
//eg:
$string = ">< > <a>< \n/n \. \ \ \%22%3e%3c%53%43%52%49%5 0%54%3e%44%6f%73%6f%6d%65%74%68%6 9%6e%67%6d%61%6c%69%63%69%6 f%75%73%3c%2f%53%43%52% 49%50%54%3E ";
Echo $string;
Echo ' <br> ';
Echo transform_html ($string);
*/
/*
Output $string:
>< > </n \. \ \%22%3e%3c%53%43%52%49%5 0%54%3e%44%6f%73%6f%6d%65##%74%68%6 9%6e%67%6d%61%6c%69%63%69%6 f%75%73%3c%2f%53%43%52% 49%50%54%3e
Output transform_html ($string):
>< > <a>< /n \. \ \%22%3e%3c%53%43%52%49%5 0%54%3e%44%6f%73%6f%6d%65##%74%68%6 9%6e%67%6d%61%6c%69%63%69%6 f%75%73%3c%2f%53%43%52% 49%50%54%3e
*/
Mitigates basic XSS attacks by HTML-encoding tags and special characters in untrusted input