element handler check if the tag is allowed, if yes, append it to the string together with allowed
attributes, and add it to a count (so users won't be able to mess up your design), else append it
using htmlspecialchars. In the end element handler, check if the count for this element is > 0,
if yes, append it and subtract the count, else append it using htmlspecialchars. And in the data
handler you just need the obvious: append it using htmlspecialchars. After all you need to check
the count for each element and if it is > 0, append that many end elements.
This is just an idea, and I'm curious myself, if that would work, so write share with us your results
David Russell wrote:
Hi all,
Following on from a previous discussion, I am trying to write a "safe"
strip_tags function.
I start by applying htmlentities to the entire string, and then convert
"allowed" tags back.
One of the steps I am looking at doing is to replace something "<a
href="blah" onmouseover="blah">" with "<a href="blah">"
What would be a good preg_replace string for this?
Preg_replace('/(<A)/i', '<a', $htmlstring);
Except I need to keep the href="<anything>" as well as the closing >,
but drop everything else.
I will be googling on this too, but a reply from this group is always
quicker <g>
Thanks
David Russell
IT Support Manager
Barloworld Optimus (Pty) Ltd
Tel: +2711 444-7250 Fax: +2711 444-7256
e-mail: [EMAIL PROTECTED]
web: www.BarloworldOptimus.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php