Hi,

strip_tags() works great, on the whole, if you want to strip all tags from user input, but what if you want to allow them to use font tags, or b tags or div tags?

With these tags, it's possible to add attributes (e.g. <div width="3000px">) that could damage the page layout.

Basically, what I want to do is strip tags (except a given specified list), and remove all attributes from those tags (except a given specified list).

So, say my list is something like

$allowedtags=array("div","b","a","i","u","font");
$allowedattr=array("style","size");

Then I need to strip them, so I assume the place to start would be:

$input=strip_tags($input);

Then some sort of preg replace is required, but what if more than one attribute is set:

$input="<div style=\"border-width:1px; width:3000px\">";

Would need to be changed to:

$input="<div style=\"border-width:1px\">";

I'm guessing some sort of preg_replace() is required, but I can get to that later. Has anyone done this (couldn't find it in the manual under strip_tags() where I'd hoped to)?

Am I attempting the unnecessarily complicated?

ucbones

    Hi,
    I'm sorry if I'm wrong, but on the page you linked for strip_tags() I find all you need.

    First, take a good look at the [string allowable_tags] param. You can use this to leave some tags and remove the others.

    Second, the first example, from Tony Freeman, removes all "Evil Attributes".

    Try to take a look...

      Hi bad76,

      Thanks, sorry, I must confess I was using a downloaded version of the manual, which didn't have that comment in. My apologies for not checking online!

      However, the function you quoted doesn't quite seem to be working; it's removing "style" but not "class". Any ideas what's wrong with it?

      Many thanks,

      Dom

        Once again I am made aware of my staggering stupidity - failed to see that he hadn't called the function removeevilattributes... doh!

        Many thanks bad76, that's perfect!

        Dom
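
The requirement from the first post (a tag allowlist, an attribute allowlist, and trimming unwanted declarations out of an allowed style value), as an added example that is not code from this thread or from the manual comment it mentions. It parses the markup with DOMDocument instead of preg_replace(); the names sanitize_html(), filter_style() and the $allowedCss property list are assumptions.

```php
<?php
// Added example: sanitize_html(), filter_style() and $allowedCss are hypothetical names.
function filter_style(string $style, array $allowedCss): string
{
    $kept = [];
    foreach (explode(';', $style) as $decl) {
        $parts = explode(':', $decl, 2);
        if (count($parts) !== 2) { continue; }
        $prop  = strtolower(trim($parts[0]));
        $value = trim($parts[1]);
        // Keep listed properties with plain values only: no parentheses, quotes or backslashes.
        if (in_array($prop, $allowedCss, true) && preg_match('/^[a-z0-9#%., -]+$/i', $value)) {
            $kept[] = "$prop:$value";
        }
    }
    return implode('; ', $kept);
}

function sanitize_html(string $input, array $tags, array $attrs, array $allowedCss): string
{
    // Step 1: strip_tags() removes unlisted tags but leaves their attributes in place.
    $input = strip_tags($input, '<' . implode('><', $tags) . '>');
    // Step 2: parse what is left so attributes are handled as nodes, not by regex.
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // tolerate malformed user markup
    $doc->loadHTML('<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '</head><body>' . $input . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    foreach ((new DOMXPath($doc))->query('.//*', $body) as $el) {
        foreach (iterator_to_array($el->attributes, false) as $attr) {
            $name = strtolower($attr->nodeName);
            if (!in_array($name, $attrs, true)) {
                $el->removeAttribute($attr->nodeName);
            } elseif ($name === 'style') {
                $clean = filter_style($attr->nodeValue, $allowedCss);
                $clean === '' ? $el->removeAttribute('style') : $el->setAttribute('style', $clean);
            }
        }
    }
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);   // re-serialise; attribute values are escaped
    }
    return $out;
}
// Constructed sample input, using the tag and attribute lists from the first post.
echo sanitize_html('<div style="border-width:1px; width:3000px" class="wide">Hi <b>there</b></div>', ['div', 'b', 'a', 'i', 'u', 'font'], ['style', 'size'], ['border-width']), "\n";
```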
