Security Tip: Don't Use nl2br()!

Tuesday Mar 26th 2024
Stephen Rees-Carter — Submitted by Marko

I was googling an alternative for nl2br when I was doing some PHP/Laravel development. I have sanitized input, but I was still curious about an alternative for nl2br. I found a great way to do the same thing with CSS.

Stephen wrote a great article about this with examples.

As useful as it sounds, nl2br() can potentially leave you open to Cross-Site Scripting (XSS) vulnerabilities... you should reach for CSS instead!
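
The difference in plain PHP, as an added example that is not taken from Stephen's article or from this post: `nl2br()` output printed raw passes markup through, while escaped text styled with CSS keeps the line breaks. The sample input, the function names and the choice of `white-space: pre-line` are assumptions; the post does not name the CSS property.

```php
<?php
// Constructed sample input: a multi-line comment that also carries markup.
$comment = "First line\nSecond line <script>alert(1)</script>";

// Risky pattern: nl2br() only inserts <br /> before each newline. It escapes
// nothing, and its result has to be printed unescaped (in Blade: {!! !!})
// for the <br /> tags to work, so any markup in $text reaches the browser.
function render_with_nl2br(string $text): string
{
    return '<p>' . nl2br($text) . '</p>';
}

// CSS pattern: escape the text as usual (what Blade's {{ }} does) and let
// the stylesheet render the newlines that are already in the text.
function render_with_css(string $text): string
{
    $escaped = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p style="white-space: pre-line">' . $escaped . '</p>';
}

// Hypothetical check for this demo: does the rendered HTML carry a live tag
// that came from the user's text?
function has_raw_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

foreach (['render_with_nl2br', 'render_with_css'] as $renderer) {
    $html = $renderer($comment);
    echo $renderer, ': ', $html, PHP_EOL;
    echo '  raw <script> present: ', var_export(has_raw_script_tag($html), true), PHP_EOL;
}
```

In a real template the `white-space` rule would normally live in a stylesheet class rather than an inline `style` attribute.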

