How To Strip Specific Tags And Specific Attributes From A String?
Here's the deal, I'm making a project to help teach HTML to people. Naturally, I'm afraid of that Scumbag Steve (see figure 1). So I wanted to block ALL HTML tags, except those app
Solution 1:
require_once'library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
// this one is needed cause otherwise stuff // considered harmful like input's will automatically be deleted$config->set('HTML.Trusted', true);
// this line say that only input, p, div will be accepted$config->set('HTML.AllowedElements', 'input,p,div');
// set attributes for each tag$config->set('HTML.AllowedAttributes', 'input.type,input.name,p.id,div.style');
// more extensive way of manage attribute and elements... see the docs// http://htmlpurifier.org/live/configdoc/plain.html$def = $config->getHTMLDefinition(true);
$def->addAttribute('input', 'type', 'Enum#text');
$def->addAttribute('input', 'name', 'Text');
// call...$purifier = new HTMLPurifier($config);
// display...$html = $purifier->purify($raw_html);
- NOTE: as you asked this code will run as a Whitelist, only input, p and div are accepted and only certains attributes are accepted.
Solution 2:
Use Zend framework 2 strip tags. An example below to accept ul, li, p... and img (only with src attribute) and links (with only href atttribute). Everything else will be stripped. If I'm not wrong zf1 does the same thing
$filter = new \Zend\Filter\StripTags(array(
'allowTags' => array(
'ul'=>array(),
'li'=>array(),
'p'=>array(),
'br'=>array(),
'img'=>array('src'),
'a'=>array('href')
),
'allowAttribs' => array(),
'allowComments' => false)
);
$value = $filter->filter($value);
Post a Comment for "How To Strip Specific Tags And Specific Attributes From A String?"