Hello Guys,
I just have a question about escaping HTML. I'm saving HTML in my database and I want to display that HTML on my website.
Well, when I display that HTML I want to escape script tags or other dangerous HTML tags (XSS). Currently I'm using the Phalcon\Escaper to escape HTML with $escaper->escapeHtml().
The problem is that I want to display the HTML, but prevent XSS via script tags or something similar. Is this possible with the Phalcon\Escaper, or is there a sanitize function to filter script tags ... ?
Any answer would be nice :)
Greets, Yannici
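
An added example, not part of the original post and not Phalcon's own code: escaping encodes every tag, so rendering stored HTML while blocking script needs an allowlist sanitizer instead. This plain-PHP version uses DOMDocument; the names `sanitizeHtml` and `cleanChildren`, the tag list and the sample input are assumptions.

```php
<?php
// Added example; constant and function names are hypothetical.
const ALLOWED_TAGS = [                       // tag => attributes kept on it
    'p' => [], 'br' => [], 'b' => [], 'i' => [], 'em' => [], 'strong' => [],
    'ul' => [], 'ol' => [], 'li' => [], 'a' => ['href'],
];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function cleanChildren(DOMNode $parent): void
{
    // Snapshot the child list because nodes are removed while walking it.
    foreach (iterator_to_array($parent->childNodes) as $node) {
        if ($node instanceof DOMText) continue;  // text is escaped again on output
        $tag = strtolower($node->nodeName);
        if (!$node instanceof DOMElement || in_array($tag, DROP_WITH_CONTENT, true)) {
            $parent->removeChild($node);         // comments, script, style, ...
            continue;
        }
        cleanChildren($node);                    // clean descendants first
        if (!array_key_exists($tag, ALLOWED_TAGS)) {
            // Unknown tag: keep its (already cleaned) content, drop the tag itself.
            while ($node->firstChild) $parent->insertBefore($node->firstChild, $node);
            $parent->removeChild($node);
            continue;
        }
        foreach (iterator_to_array($node->attributes) as $attr) {
            $ok = in_array($attr->name, ALLOWED_TAGS[$tag], true);
            if ($ok && $attr->name === 'href') { // allow only these URL forms
                $ok = preg_match('~^(https?://|mailto:|/|#)~i', $attr->value) === 1;
            }
            if (!$ok) $node->removeAttributeNode($attr); // onclick, style, javascript: ...
        }
    }
}

function sanitizeHtml(string $html): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);    // tolerate sloppy markup
    $doc->loadHTML('<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '<body>' . $html . '</body>');
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) return '';
    cleanChildren($body);
    $out = '';
    foreach ($body->childNodes as $child) $out .= $doc->saveHTML($child);
    return $out;                                 // only allowlisted markup remains
}

// Constructed sample of stored user HTML.
$stored = '<p onclick="x()">Hi <b>there</b> <a href="javascript:x()">link</a></p><script>x()</script>';
echo sanitizeHtml($stored), "\n";
```

A maintained sanitizer library such as HTML Purifier applies the same allowlist idea with much broader parser coverage.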