I'm exploring a few service ideas that revolve around user-generated content, specifically text submissions which will be stored in a database or elsewhere. The concern is, how do I effectively filter out inappropriate or harmful content? If something undesirable slips through, what are my options? I'm also curious about self-hosting solutions versus external services that can assist with this.
2 Answers
You definitely need to watch out for cross-site scripting (XSS). Users can post malformed HTML with JavaScript that could execute on other platforms. Proper filtering is crucial to avoid that.
A key step is to ensure you're using escaped strings for any text stored in a database. This helps prevent users from injecting commands into your database based on their inputs. On a basic level, you could set up some PHP filtering functions to block specific words and topics.
Exactly! And don't forget to sanitize all inputs properly to keep code from running on your system.
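An added example (not part of the answers above) of the points they raise in PHP: the submission goes into the database through a bound parameter, is HTML-encoded when it is rendered, and is held back from publication when it matches a word list. It uses PDO prepared statements rather than manual string escaping; the table, function names and blocklist terms are hypothetical, and an in-memory SQLite database (pdo_sqlite assumed available) stands in for the real store.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE submissions (id INTEGER PRIMARY KEY, body TEXT NOT NULL, status TEXT NOT NULL)');

// Hypothetical placeholder blocklist; a real list would be maintained outside the code.
const BLOCKED_TERMS = ['badword1', 'badword2'];

function classify(string $text): string
{
    foreach (BLOCKED_TERMS as $term) {
        if (stripos($text, $term) !== false) {
            return 'held';      // kept out of public view until a moderator reviews it
        }
    }
    return 'published';
}

function storeSubmission(PDO $db, string $text): int
{
    // Bound parameters: the text travels as data and is never concatenated into the SQL.
    $stmt = $db->prepare('INSERT INTO submissions (body, status) VALUES (:body, :status)');
    $stmt->execute([':body' => $text, ':status' => classify($text)]);
    return (int) $db->lastInsertId();
}

function renderPublished(PDO $db): string
{
    $html = '';
    $rows = $db->query("SELECT body FROM submissions WHERE status = 'published' ORDER BY id");
    foreach ($rows as $row) {
        // Encode for the HTML context at output time; the stored text stays unmodified.
        $html .= '<p>' . htmlspecialchars($row['body'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</p>\n";
    }
    return $html;
}

// Constructed sample submissions: plain text, markup, SQL metacharacters, a blocked term.
$samples = [
    "Nice post, it's great",
    '<script>alert(1)</script>',
    "x'); DROP TABLE submissions; --",
    'this contains badword1',
];
foreach ($samples as $s) {
    storeSubmission($db, $s);
}
echo renderPublished($db);
```

The first three samples are stored verbatim and rendered as inert text, and the fourth is stored with status `held`, so it never reaches the page and can be reviewed or deleted later.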