My website allows blogging. I use a textarea for the blog post, and I need to allow users to share things like YouTube videos (I will need to allow the iframe tag to do so), display images using the img tag, or use links by allowing the a tag. The problem is that I need to secure the website against XSS attacks, and that is why I am afraid to allow those tags. Is there any workaround to accomplish this?
Can I use something like this:
<?php
$string = "<b>hello world!</b>";
echo "without filtering:".$string;
echo "<br>";
$filtered = htmlspecialchars($string); // insert into database filtered
echo "After filtering:".$filtered;
echo "<br>";
$de_filtering = htmlspecialchars_decode($filtered); //retrieve from database and display
echo "After de-filtering:".$de_filtering;
?>
Is it possible to do that?
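
An added example, not part of the original question: it shows that the encode-then-decode round trip from the snippet above returns the original markup unchanged, next to one allowlist-style alternative where the server builds the iframe and the link itself from validated input. The helper names `youtube_embed` and `safe_link`, the accepted hostnames, the 11-character video ID pattern and the sample inputs are assumptions made for this illustration.

```php
<?php
// Constructed sample input: a post body that carries active markup.
$post = '<b>hello</b><script>alert(1)</script>';

// Encoding before storage and decoding before display restores the exact
// original string, so the script tag reaches the browser intact.
$stored    = htmlspecialchars($post, ENT_QUOTES, 'UTF-8');
$displayed = htmlspecialchars_decode($stored, ENT_QUOTES);
var_dump($displayed === $post);

// Hypothetical helper: take a YouTube URL from the user and emit an iframe
// whose host and attributes are fixed by the server. Only the ID is user data.
function youtube_embed(string $url): ?string {
    $parts = parse_url($url);
    if ($parts === false || ($parts['scheme'] ?? '') !== 'https') {
        return null;
    }
    $host = strtolower($parts['host'] ?? '');
    if ($host === 'youtu.be') {
        $id = ltrim($parts['path'] ?? '', '/');
    } elseif (in_array($host, ['www.youtube.com', 'youtube.com'], true)
              && ($parts['path'] ?? '') === '/watch') {
        parse_str($parts['query'] ?? '', $query);
        $id = $query['v'] ?? '';
    } else {
        return null;
    }
    // Assumed ID format: 11 characters from [A-Za-z0-9_-]; rejects arrays too.
    if (!is_string($id) || !preg_match('/\A[A-Za-z0-9_-]{11}\z/', $id)) {
        return null;
    }
    return '<iframe src="https://www.youtube.com/embed/' . $id
         . '" allowfullscreen></iframe>';
}

// Hypothetical helper: allow only http/https links and encode both parts.
function safe_link(string $url, string $text): ?string {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;
    }
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
         . '" rel="nofollow noopener">'
         . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed inputs: a well-formed video URL, then two rejected values.
var_dump(youtube_embed('https://www.youtube.com/watch?v=AAAAAAAAAAA'));
var_dump(youtube_embed('https://example.test/watch?v=AAAAAAAAAAA'));
var_dump(safe_link('javascript:alert(1)', 'click'));
```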