开发者

PHP form clean-up?

问答 作者:

I need to sanitized the form input for a textarea field.

The opening tag can allow b,strong,i,em,u,br,span,a,p,ul,ol,li - it can also have style="". But remove all others: class="", id="", javascript, etc.

The closing tag can only be </ and one of b,strong,i,em,u,br,span,a,p,ul,ol,li and >. Nothing else is allowed inside the closing tag.

All other brackets will be removed with PHP strip_tags.

Not sure what the regex should look like - any help?

Something like...

$input= strip_tags($input, "<b><strong><i><em><u><br><span><a><p><ul><ol><li>");

$input= input_sanitize($input);
echo $input;

function input_sanitize($value) {
    // first, sanitize the opening tags
    $value = preg_replace(
        "/".
        "<(b|strong|i|em|u|br|span|a|p|ul|ol|li)".
       开发者_运维问答 "(.*?)".
        "(((style\=('|\")(.+?)('|\"))*?)(.*?)((href\=('|\")(.+?)('|\"))*?))".
        "(.*?)>/im", 
            "<$1 $3 $5>", 
            $value);
    // second, sanitize the closing tags
    $value = preg_replace(
        "/<\/(.*?)(b|strong|i|em|u|br|span|a|p|ul|ol|li)(.*?)>/im"
        "</$2>",
        $value);
    return $value;
}

Anyone good at regex? :D

When it comes to security I suggest to use stable and secure solutions such as HTML Purifier.

继续阅读:phpregex

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9