DEVHIDE
Login Or Sign up

Removing malicious things from HTML

293 Views Asked by At

I want to display a mail which is in HTML format in a web page.

I guess there are several malicious things in HTML which I should remove before displaying the HTML to the user.

The HTML mail comes from an unknown source and could be created by a evil hacker.

What needs to be done to call "clean" HTML from unknown source?

Malicious content (like "Parental Advisory explicit contents") are not part of this question. I just want to be sure the HTML can do any harm.

javascript html security malware
Original Q&A
2

There are 2 best solutions below

5
TwistedOwl On

You can serve html content using jquery .text() method and filter all html tags in order to remove them from final result so it does not look ugly for user.

What you are looking for is XSS protection. You will find more information about this issue here: XSS (Cross Site Scripting) Prevention Cheat Sheet

EDIT: Here you can find how to filter html tags: JavaScript: How to strip HTML tags from string? [duplicate]

3
Atr_Max On

When using jQuery:

use .text() to escape HTML.

When using PHP:

use htmlspecialchars() to escape HTML. Don't be afraid of HTML tags visible in the browser, they are escaped.

Related Questions in JAVASCRIPT

Related Questions in HTML

Related Questions in SECURITY

Related Questions in MALWARE

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.