How to remove HTML and Scripts in user-written messages?

1

I have created a messenger. After the user writes a message, it is stored in the database in varchar format. When the recipient views the message, if it was written with HTML tags and script tags, this is displayed to the recipient. How can you prevent this from happening?

    
asked by anonymous 16.12.2016 / 13:35

1 answer

4

In a simple way, you replace all < with &lt; and > with &gt; before saving to the database.

If you are using PHP you can use

htmlspecialchars('<strong>qualquercoisa</strong>')
    
16.12.2016 / 13:44
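
An added example, not part of the original answer: the `htmlspecialchars` call above with its flags and charset written out, run over a few constructed messages. The helper name `escape_message` is hypothetical. The flags are passed explicitly because before PHP 8.1 the default flags did not escape single quotes.

```php
<?php
// Added example; escape_message() is a hypothetical helper name.

function escape_message(string $raw): string
{
    // ENT_QUOTES: escape both ' and " so the text is also safe inside
    // a quoted attribute value, not only between tags.
    // ENT_SUBSTITUTE: replace invalid UTF-8 with U+FFFD instead of
    // returning an empty string for the whole message.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample messages, as a user might type them.
$messages = [
    '<strong>qualquercoisa</strong>',
    '<script>alert(1)</script>',
    'He said "hi" & it\'s 5 > 3',
    "invalid \xC3 byte",
];

foreach ($messages as $raw) {
    $safe = escape_message($raw);

    // After escaping, no HTML-significant delimiter is left in the text.
    if (preg_match('/[<>"\']/', $safe)) {
        throw new RuntimeException("unescaped character in: $safe");
    }

    // The same escaped string works as element content and as a
    // quoted attribute value.
    echo '<p title="', $safe, '">', $safe, "</p>\n";
}

// Escape exactly once, either before saving or when printing. A second
// pass re-encodes the & of every entity, so the recipient would see the
// entity text itself instead of the original character.
$once  = escape_message('<b>');
$twice = escape_message($once);
if ($twice === $once) {
    throw new RuntimeException('expected the second pass to change the text');
}
```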