Html encode in PHP

By encode, do you mean: convert all applicable characters to HTML entities? htmlspecialchars or htmlentities. You can also use strip_tags if you want to remove all HTML tags. Note: this will NOT stop all XSS attacks.

A potentially dangerous Request.Form value was detected from the client

I think you are attacking it from the wrong angle by trying to encode all posted data. Note that a “<” could also come from other outside sources, like a database field, a configuration, a file, a feed and so on. Furthermore, “<” is not inherently dangerous. It’s only dangerous in a specific context: when …

Which characters need to be escaped in HTML?

If you’re inserting text content in your document in a location where text content is expected1, you typically only need to escape the same characters as you would in XML. Inside of an element, this just includes the entity escape ampersand & and the element delimiter less-than and greater-than signs < >: Inside of attribute values you must also escape …
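The following is an added example, not code from any of the answers above; it puts the PHP answer (htmlspecialchars vs strip_tags) and the escaping-context answer together. The helper names esc_html and render_item are my own; the sample input is constructed.

```php
<?php
// Escape untrusted text for placement either between tags or inside a
// double-quoted attribute value. ENT_QUOTES converts both ' and ", so one
// helper covers both contexts; ENT_SUBSTITUTE replaces invalid UTF-8 bytes
// instead of silently returning an empty string.
function esc_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Render one untrusted value into both contexts: attribute value and
// element content. Every insertion point goes through esc_html().
function render_item(string $untrusted): string
{
    return '<span title="' . esc_html($untrusted) . '">'
         . esc_html($untrusted)
         . '</span>';
}

// Constructed sample input holding the characters the answers list:
// ampersand, angle brackets, and a double quote.
$input = 'Tom & Jerry <b>"quoted"</b>';

// Safe in both contexts: &, <, > and " are all converted to entities.
echo render_item($input), PHP_EOL;

// strip_tags() removes the <b> markup but leaves & and " untouched, which
// is why it alone does not make a value safe to place in an attribute.
$stripped = strip_tags($input);
echo $stripped, PHP_EOL;

// Stripping tags and escaping are independent steps: if you want the
// markup gone, still escape the result before it reaches the page.
echo esc_html($stripped), PHP_EOL;
```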