I have a website that allows anyone to upload anything they want to my site. I’ve been having problems with people uploading phishing HTML files, and I would like to show the HTML page as text instead of loading it, but I’m not sure how I would go about doing that. I assumed it was something that could be done in .htaccess, but I can’t find any information about it. I’m using Ubuntu with Apache. When someone uploads the HTML file I need to automate the process. I only need to disable HTML in one directory, and this directory isn’t shared with any HTML files that are supposed to display properly.
4 Answers
Maybe use this function:
Source: https://css-tricks.com/snippets/javascript/htmlentities-for-javascript/
You can send it with a Content-Type: text/plain; charset=UTF-8 header.
.htaccess:
Method 1
Create a .htaccess file at the root of your website and add this line:
[Apache2 @ Ubuntu/Debian: use this directive]
AddType application/plain .html .htm
The above will intercept and handle any html pages within your directory to run as plain text files.
Method 2
Alternatively, you can run a separate process that accepts incoming html pages and performs a conversion to plain text at runtime. A string replacement method will do the trick.
The <xmp> element is obsolete, but its behaviour is defined in HTML5. It’s supported by all modern and unmodern browsers.
or, if you prefer valid HTML, this:
You have to ensure that user content doesn’t contain </xmp> or </script>, resp.
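One way to apply the plain-text header approach from the answers above to a single upload directory in Apache, as an added example that is not taken from any of the posts. The directory path is a hypothetical placeholder, and mod_headers is assumed to be enabled (a2enmod headers on Ubuntu).

```apache
# Placed in the server or virtual host configuration rather than in a
# .htaccess file: a site that accepts any upload could otherwise have its
# .htaccess replaced by an uploaded one.
# "/var/www/example/uploads" is a placeholder path (assumption).
<Directory "/var/www/example/uploads">
    # Ignore any .htaccess file that ends up in this directory
    AllowOverride None

    # No CGI execution, no server-side includes, no directory listing
    Options -ExecCGI -Includes -Indexes

    # Send static files from this directory as text/plain,
    # whatever their extension (.html, .htm, .svg, ...)
    ForceType text/plain

    <IfModule mod_headers.c>
        # Tell browsers to honour the declared type instead of sniffing
        # the body and rendering it as HTML
        Header always set X-Content-Type-Options "nosniff"

        # Defence in depth: if a response is rendered anyway, it may not
        # run scripts, submit forms or load any other resource
        Header always set Content-Security-Policy "default-src 'none'; sandbox"
    </IfModule>
</Directory>
```

After reloading Apache, `curl -I` against an uploaded .html file should show `Content-Type: text/plain` together with the two added headers.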