PHP form clean-up?

I need to sanitize the form input for a textarea field.

The opening tag can allow b,strong,i,em,u,br,span,a,p,ul,ol,li - it can also have style="". But remove all others: class="", id="", javascript, etc.

The closing tag can only be </ and one of b,strong,i,em,u,br,span,a,p,ul,ol,li and >. Nothing else is allowed inside the closing tag.

All other brackets will be removed with PHP strip_tags.

Not sure what the regex should look like - any help?

Something like...

$input= strip_tags($input, "<b><strong><i><em><u><br><span><a><p><ul><ol><li>");

$input= input_sanitize($input);
echo $input;

function input_sanitize($value) {
    // first, sanitize the opening tags
    $value = preg_replace(
        "/".
        "<(b|strong|i|em|u|br|span|a|p|ul|ol|li)".
        "(.*?)".
        "(((style\=('|\")(.+?)('|\"))*?)(.*?)((href\=('|\")(.+?)('|\"))*?))".
        "(.*?)>/im", 
            "<$1 $3 $5>", 
            $value);
    // second, sanitize the closing tags
    $value = preg_replace(
        "/<\/(.*?)(b|strong|i|em|u|br|span|a|p|ul|ol|li)(.*?)>/im",
        "</$2>",
        $value);
    return $value;
}

Anyone good at regex? :D


When it comes to security, I suggest using stable and secure solutions such as HTML Purifier.

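The HTML Purifier approach suggested in the answer, configured with the allowlist from the question, as an added example that is not part of the original thread. It assumes the library is installed through Composer (package `ezyang/htmlpurifier`); the CSS property list and the permitted URI schemes are assumptions, since the question does not specify them.

```php
<?php
// Added example: HTML Purifier with the tag/attribute allowlist from the question.
// Assumes: composer require ezyang/htmlpurifier
require_once __DIR__ . '/vendor/autoload.php';

function input_sanitize(string $value): string
{
    static $purifier = null;
    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();
        // Only these elements survive; only style (plus href on <a>) survives
        // as an attribute. class, id and on* handlers are dropped by the parser.
        $config->set(
            'HTML.Allowed',
            'b[style],strong[style],i[style],em[style],u[style],br,span[style],' .
            'a[href|style],p[style],ul[style],ol[style],li[style]'
        );
        // Assumption: a small set of CSS properties is enough for this field.
        $config->set('CSS.AllowedProperties', [
            'color', 'background-color', 'font-weight',
            'font-style', 'text-decoration', 'text-align',
        ]);
        // Assumption: only these schemes are wanted in href; javascript: and
        // data: URIs are therefore rejected.
        $config->set('URI.AllowedSchemes', [
            'http' => true, 'https' => true, 'mailto' => true,
        ]);
        // No writable cache directory is assumed, so the definition cache is off.
        $config->set('Cache.DefinitionImpl', null);
        $purifier = new HTMLPurifier($config);
    }
    return $purifier->purify($value);
}

// Constructed sample inputs covering the cases the question lists:
// extra attributes, script in href, junk in a closing tag, disallowed tags.
$samples = [
    '<p class="x" id="y" style="color:red" onclick="alert(1)">Hello</p>',
    '<a href="javascript:alert(1)" style="color:blue">link</a>',
    '<b>bold</b onmouseover="alert(1)"><script>alert(1)</script>',
    '<span style="color:green; position:fixed">text</span><img src=x onerror=alert(1)>',
];

foreach ($samples as $dirty) {
    echo input_sanitize($dirty), PHP_EOL;
}
```

Because the library parses the markup into tokens and re-serializes it, closing tags are regenerated rather than pattern-matched, so the separate closing-tag regex from the question is not needed.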
