Strip HTML help


redroy

Hi,

New here... I've got a small problem that I need some help with and have been unsuccessful on other forums. I'm hoping you can point me in the right direction.

What I've got is a content control that I wrote for my clients using PHP/MySQL. I have a function that checks the inserted data and strips out PHP and unwanted HTML. The problem is that it's too strict. For example, if someone makes an error with an acceptable tag like: [code]<a href=""[/code] ... not closing it. The function will strip EVERYTHING from that point down. Is there any way to make the function below more dummy-proof?

[code]
$allowedTags = '<h1><h2><h3><h4><h5><h6><b><i><u><a><div><img><ul><li><hr><blockquote>';
$stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup';
function stripData($string)
{
    global $allowedTags, $stripAttrib;
    while($string != strip_tags($string, $allowedTags))
    {
        $string = strip_tags($string, $allowedTags);
    }
    while($string != preg_replace("/$stripAttrib/i", 'FORBIDDEN', $string))
    {
        $string = preg_replace("/$stripAttrib/i", 'FORBIDDEN', $string);
    }
    return $string;
}
[/code]

Thanks for your time!!
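
An added example (not part of the original post or of any reply): one way to get the tolerance asked for above is to parse the markup with PHP's DOMDocument and apply the allowlist to the resulting tree instead of to the raw string. `sanitizeHtml()`, `isSafeUrl()`, the constants and the per-tag attribute policy are assumptions made for this sketch; the tag list is the one from the post.

```php
<?php
// Added example, not the poster's code. Requires ext-dom; every name here is hypothetical.
const ALLOWED_TAGS = ['h1','h2','h3','h4','h5','h6','b','i','u','a','div','img','ul','li','hr','blockquote'];
const ALLOWED_ATTRS = ['a' => ['href', 'title'], 'img' => ['src', 'alt']]; // assumed policy
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function isSafeUrl(string $url): bool
{
    $u = preg_replace('/[\x00-\x20]+/', '', $url);      // browsers skip these when reading a scheme
    // Accept an allowed scheme, or no scheme at all (relative URL).
    return preg_match('#^(?:https?|mailto):#i', $u) || !preg_match('#^[^/?\#]*:#', $u);
}

function sanitizeHtml(string $html): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);           // malformed input is expected, keep it quiet
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html);  // common workaround so libxml reads UTF-8
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    $nodes = (new DOMXPath($doc))->query('//body//* | //body//comment()');
    foreach (iterator_to_array($nodes) as $n) {         // snapshot: the tree changes while we walk
        $tag = strtolower($n->nodeName);
        if ($n instanceof DOMComment || in_array($tag, DROP_WITH_CONTENT, true)) {
            $n->parentNode->removeChild($n);            // drop the node and everything inside it
        } elseif (!in_array($tag, ALLOWED_TAGS, true)) {
            while ($n->firstChild) {                    // unwrap: keep the children, lose the tag
                $n->parentNode->insertBefore($n->firstChild, $n);
            }
            $n->parentNode->removeChild($n);
        } else {
            foreach (iterator_to_array($n->attributes) as $attr) {
                $name = strtolower($attr->nodeName);
                $ok = in_array($name, ALLOWED_ATTRS[$tag] ?? [], true);
                if (!$ok || (in_array($name, ['href', 'src'], true) && !isSafeUrl($attr->value))) {
                    $n->removeAttribute($attr->nodeName);
                }
            }
        }
    }
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes)));
}

// Constructed sample: an event handler, an entity-obfuscated javascript: URL, and an unclosed <a>.
echo sanitizeHtml('<h2 onclick="x()">News</h2><a href="&#106;avascript:x()">link</a> <a href="" more text'), "\n";
```

How much text around a broken tag survives depends on libxml's error recovery, but attributes are judged by name and by their decoded value, so a new event-handler name or an entity-encoded scheme does not need a new pattern.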
