This is what i have so far:
$allowed = '<br><p><b><i><u><li><ol><ul><strong>';
$info = strip_tags($info, $allowed);
$info = preg_replace('/<([^>])[^>]*>/', '<\1>', $info);
This works for everything except the closing tags. It turns </p> into </>.
Anyone know why?
Thanks,
Matt
"Jochem Maas" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Matt Palermo wrote:
>
> > I am building a system which allows users to post data. I want to allow
> > them to use ONLY certain tags such as <p>, </p>, <b>, </b>, <i>, </i>,
> > etc... I want to allow them to use only these, and then strip out ALL
> > attributes inside the tags. So if they input something like <p
junk=junk>,
> > it would switch it to just <p>. Anyone know of a way this can be done?
>
> regular expressions, heres an example:
>
> <?php
>
> $input = 'this <div>is some</div> <u><b class="haxor">bad</b></u> HTML';
> echo "{$input}\n";
> $input = preg_replace('/<\/?[^pbiu\/][^>]*>/', '', $input);
> echo "{$input}\n";
> $input = preg_replace('/<([pbiu])[^>]*>/', '<\1>', $input);
> echo "{$input}\n";
> $input = str_replace('bad', 'good', $input);
> echo "{$input}\n";
>
> ?>
>
> you might also think about stripping <script> tags etc.
> try taking a look at some forum code (e.g. phpbb.com) to see how they do
> it.
>
> no doubt that some real regexp wizard could perform the above
> replacements in a single regexp but hopefully it gives you an idea... if
> your not yet familiar with regexps then I strongly recommend you read
> the relevant part of the manual - they are very handy things indeed.
>
> >
> > Thanks,
> >
> > Matt Palermo
> > http://sweetphp.com
> >
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
