Clean HTML

[Norsk.Firefox]

Hello

Anyone have a function that clean out not-allowed HTML tags?

Example:

<a href="test.php"><b>Hello</a>

 

The a-tag goes trough, but the b-tag is replaced to <b>

or that the funtion ends the tag. <- This is harder...

[Jessica]

strip_tags() allows you to select which tags to allow, which is sort of what you want.

 

[Norsk.Firefox]

looks like the opposite of what I want. It strips away tags i tell it to do, + these two warnings:

 

Because strip_tags() does not actually validate the HTML, partial, or broken tags can result in the removal of more text/data than expected.

 

This function does not modify any attributes on the tags that you allow using allowable_tags, including the style and onmouseover attributes that a mischievous user may abuse when posting text that will be shown to other users.

[Jessica]

If you're going to allow every tag except just a few, that's not very safe. That's why I suggested strip_tags, you can allow just the ones you want.

 

Wordpress has a html validator which fixes missing tags, perhaps if you looked through the code for it you might get some ideas.

[Norsk.Firefox]

Misunderstood php.net.. But thanks , gonna look a bit on it...

[Ninjakreborn]

Well actually they were right.  If you wnat to strip out all tags except a few then you want stripped tags.

 

$variable = striptags($variable, $allowed_tags);// allowed tags being an array of the allowed tags

This will clean the variable of any tags you do not specify as being "allowed".