PHP form clean-up?
I need to sanitized the form input for a textarea field.
The opening tag can allow b,strong,i,em,u,br,span,a,p,ul,ol,li - it can also have style="". But remove all others: class="", id="", javascript, etc.
The closing tag can only be </
and one of b,strong,i,em,u,br,span,a,p,ul,ol,li and >. Nothing else is allowed inside the closing tag.
All other brackets will be removed with PHP strip_tags.
Not sure what the regex should look like - any help?
Something like...
$input= strip_tags($input, "<b><strong><i><em><u><br><span><a><p><ul><ol><li>");
$input= input_sanitize($input);
echo $input;
function input_sanitize($value) {
// first, sanitize the opening tags
$value = preg_replace(
"/".
"<(b|strong|i|em|u|br|span|a|p|ul|ol|li)".
开发者_运维问答 "(.*?)".
"(((style\=('|\")(.+?)('|\"))*?)(.*?)((href\=('|\")(.+?)('|\"))*?))".
"(.*?)>/im",
"<$1 $3 $5>",
$value);
// second, sanitize the closing tags
$value = preg_replace(
"/<\/(.*?)(b|strong|i|em|u|br|span|a|p|ul|ol|li)(.*?)>/im"
"</$2>",
$value);
return $value;
}
Anyone good at regex? :D
When it comes to security I suggest to use stable and secure solutions such as HTML Purifier.
精彩评论