Thanks for checking the article out! I've updated the article to be more detailed in this area, but I'll include that in this reply as well. When you allow a user to post text to your site, you take the text they posted on the backend and escape it with the htmlentities function if you're using PHP.
// Encode HTML metacharacters; ENT_QUOTES also covers single quotes, and the charset is stated explicitly.
$postedText = htmlentities($postedText, ENT_QUOTES, 'UTF-8');
It's just that simple. This will get rid of any img tags that users try to inject.
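As an added example (not the article's or the commenter's code) of the approach described in the reply above, this PHP snippet runs a constructed comment containing an img tag through htmlentities before placing it in the page; the function names escapeForHtml and renderComment and the sample text are assumptions of the example.

```php
<?php
// Added example, not from the article or the reply author. Escapes a
// user-supplied comment with htmlentities() before it is inserted into HTML,
// so an injected <img> tag is shown as literal text rather than parsed as markup.

function escapeForHtml(string $userText): string
{
    // ENT_QUOTES also encodes single quotes (needed if the text ever lands in an
    // attribute); ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
    return htmlentities($userText, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderComment(string $userText): string
{
    // Escape at the point where the text is written into the HTML body.
    return '<p class="comment">' . escapeForHtml($userText) . '</p>';
}

// Constructed sample input: a comment that tries to smuggle in an <img> tag.
$postedText = 'Nice post! <img src="https://example.invalid/tracker.gif"> "quoted" & more';

$rendered = renderComment($postedText);

// Self-check: the rendered HTML must not contain a raw <img tag.
if (strpos($rendered, '<img') !== false) {
    throw new RuntimeException('escaping failed: raw <img> reached the output');
}

echo $rendered, PHP_EOL;
```

Note that this escapes for an HTML text context only; text placed inside a URL, a script block or an inline event handler needs the encoding appropriate to that context.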
I read all of this and anticipated the part where you tell me how to avoid it and instead only got "go investigate htmlentities" :/
thank you