Thanks for checking the article out! I've updated the article to be more detailed in this area, but I'll include that in this reply as well. When you allow a user to post text to your site, you take the text they posted on the backend and escape it with the htmlentities function if you're using PHP.
$postedText=htmlentities($postedText);
It's just that simple. This will get rid of any img tags that users try to inject.
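An added example (not code from the article or from the reply above) showing what the `htmlentities` call does to a posted `img` tag in text and attribute contexts. The helper name `escape_html` and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the article): escape untrusted text for an
// HTML text node or a quoted attribute value.
function escape_html(string $text): string
{
    // ENT_QUOTES encodes both " and ', so the result is safe inside either
    // quoting style. ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD
    // instead of returning an empty string. The charset is set explicitly.
    return htmlentities($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for a user's post.
$postedText = '<img src="https://example.invalid/a.png"> it\'s "quoted" & done';

// Text-node context: < and > are encoded, so the browser shows the markup
// as literal characters instead of parsing it as a tag.
echo '<p>' . escape_html($postedText) . "</p>\n";

// Attribute context: only correct because the attribute is quoted and
// both quote characters are encoded.
echo "<input type='text' name='comment' value='"
    . escape_html($postedText) . "'>\n";

// ENT_COMPAT (the default flag before PHP 8.1) leaves ' untouched, so the
// same value would end the single-quoted attribute above early.
$compat = htmlentities($postedText, ENT_COMPAT, 'UTF-8');
echo 'ENT_COMPAT leaves a raw single quote: ';
var_dump(strpos($compat, "'") !== false);

// Escaping twice double-encodes (&lt; becomes &amp;lt;), so escape exactly
// once, at the point where the text is written into HTML.
echo 'Escaped twice differs from escaped once: ';
var_dump(escape_html(escape_html($postedText)) !== escape_html($postedText));
```

This covers HTML text and quoted-attribute output only; values written into URLs, inline scripts or stylesheets need escaping appropriate to those contexts.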
thank you