Would you rather (reject the input and error) or (accept the input, but strip HTML tags from the input)?
I would reject it, because I expect the user to input a comment.
For comments I'd rather go with stripping the HTML tags out. I couldn't be bothered to rewrite a comment, really. Something like HTMLPurifier will let you do that. It'll allow certain HTML tags, like p or a, but will strip everything else. It'll also let you fix the HTML by closing missing tags, etc.
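The two options discussed in this thread, side by side, as an added example that is not part of any post. It assumes HTMLPurifier is installed through Composer (`ezyang/htmlpurifier`); the function names and the sample comment are made up for illustration.

```php
<?php
// Added example, not from the thread. Assumes: composer require ezyang/htmlpurifier
require __DIR__ . '/vendor/autoload.php';

// Option 1: reject any comment that contains markup at all.
function rejectIfHtml(string $comment): string
{
    if ($comment !== strip_tags($comment)) {
        throw new InvalidArgumentException('HTML is not allowed in comments.');
    }
    return $comment;
}

// Option 2: keep an allowlist (p, and a with href only) and strip the rest.
function purifyComment(string $comment): string
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Allowed', 'p,a[href]');
    // Only http/https links survive; javascript: and data: URIs are dropped.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    // No on-disk definition cache for this demo.
    $config->set('Cache.DefinitionImpl', null);

    return (new HTMLPurifier($config))->purify($comment);
}

// Constructed sample input: an allowed link carrying an event handler,
// a script element, a javascript: link and an unclosed tag.
$comment = '<p>Nice post! <a href="https://example.com" onclick="x()">link</a>'
         . '<script>alert(1)</script> <a href="javascript:alert(1)">bad</a> <b>bold';

try {
    rejectIfHtml($comment);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

echo 'purified: ', purifyComment($comment), "\n";
```

`strip_tags()` does not validate HTML, so the reject path can also refuse plain-text comments that merely contain a stray `<`.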