PHP function to strip tags, except a list of whitelisted tags and attributes
I have to strip all HTML tags and attributes from a user input except the ones considered "safe" (i.e., a white list approach).
strip_tags() strips all tags except the ones listed in the $allowable_tags parameter. But I also need to be able to strip all the not whitelisted attributes; for example, I want to allow the <b> tag, but I don't want to allow the onclick attribute for obvious reasons.
Is there a function to do that, or will I have to make my own?
As far as I know, the strip_tags solution is about the fastest way to get rid of unwanted tags, and barring 3rd party packages, checking for allowable attributes would be quite easy in DOMDocument:
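    // Pass 1: remove every tag except <b> (attributes on <b> survive this step).
    $string = strip_tags($string, '<b>');
    $dom = new DOMDocument();
    $dom->loadHTML($string);
    // Attribute whitelist applied to every remaining element.
    $allowed_attributes = array('id');
    foreach ($dom->getElementsByTagName('*') as $node) {
        // Walk backwards so removing an attribute does not shift the unvisited ones.
        for ($i = $node->attributes->length - 1; $i >= 0; $i--) {
            $attribute = $node->attributes->item($i);
            if (!in_array($attribute->name, $allowed_attributes)) {
                $node->removeAttributeNode($attribute);
            }
        }
    }
    // saveHTML() without arguments returns the whole document, including the
    // doctype and the <html>/<body> wrappers that loadHTML() added.
    var_dump($dom->saveHTML());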
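
The approach from the answer above, as an added example that is not part of the original answer. It goes further than the answer in three ways: attributes are whitelisted per tag, href/src values are kept only when they start with http:// or https://, and only the sanitized fragment is returned instead of a full document. The function name sanitize_fragment, the whitelist contents and the sample input are constructed for illustration.

```php
<?php
// Added example: function name, whitelist contents and sample input are constructed.

/** $allowed maps a tag name to the attribute names permitted on that tag. */
function sanitize_fragment(string $html, array $allowed): string
{
    // Pass 1: drop every tag that is not on the whitelist (text content is kept).
    $html = strip_tags($html, '<' . implode('><', array_keys($allowed)) . '>');

    $previous = libxml_use_internal_errors(true); // malformed input: no PHP warnings
    $dom = new DOMDocument();
    // The meta tag makes libxml decode the input as UTF-8; the wrapper <div> gives
    // the fragment a single parent that can be serialised without <html>/<body>.
    $dom->loadHTML('<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '<div>' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $root = $dom->getElementsByTagName('div')->item(0);
    if ($root === null) {
        return '';
    }

    // Pass 2: per-tag attribute whitelist, plus a scheme check on URL attributes.
    foreach ($root->getElementsByTagName('*') as $element) {
        $permitted = $allowed[strtolower($element->nodeName)] ?? [];
        foreach (iterator_to_array($element->attributes) as $attribute) {
            $name = strtolower($attribute->nodeName);
            $isUrl = in_array($name, ['href', 'src'], true);
            if (!in_array($name, $permitted, true)
                || ($isUrl && !preg_match('#^https?://#i', $attribute->value))) {
                $element->removeAttribute($attribute->nodeName);
            }
        }
    }

    // Serialise only the wrapper's children, so no doctype or <html> is returned.
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $dom->saveHTML($child);
    }
    return $out;
}

$allowed = ['b' => [], 'a' => ['href', 'title']];   // constructed whitelist
$input = '<b onclick="x()">bold</b> <a href="javascript:x()" title="t">one</a> '
       . '<a href="https://example.com/" style="color:red">two</a><i>three</i>';
echo sanitize_fragment($input, $allowed), "\n";
```

Content that ends up outside the wrapper element (for example when div itself is whitelisted and the input closes it early) is dropped from the output rather than returned unfiltered.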