开发者

php strip_tags: allows <br />?

How it is possible to allow <br /> in strip_tags() or any way I can get around to it?

<?php
$text = '<p>Test &开发者_如何学Golt;br />paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';
echo strip_tags($text);
echo "\n";

// Allow <p>, <a>, <br />
echo strip_tags($text, '<p><a><br />');
echo "\n";

// Allow <br /> only
echo strip_tags($text, '<br />');
?>

result:

Test paragraph. Other text
<p>Test paragraph.</p> <a href="#fragment">Other text</a>
Test paragraph. Other text

Thanks, Lau


Don't use a self-closing tag name? echo strip_tags($text, '<br>');

The strip_tags() function's allowable_tags argument takes the allowed tags in the form <tagname> The reason your code didn't work was because you used <br /> instead of <br>.


strip_tags is not intended as a security measure, and using it with allowable_tags is definitely insecure, as it'll let through event handler and other harmful attributes.

If you want to allow user input with a few whitelisted elements and attributes you'll need to use a HTML-sanitising library with a proper HTML parser. See for example HTML purifier.

It's usually better for user comments not to give the user control over the HTML markup at all, but instead to accept raw text, HTML-escape it on output, and do replacements to generate markup from text (eg: \n -> <br>, \n\n -> </p><p>, link detection).


Whitespace is also not allowed in tags: http://php.net/manual/en/function.strip-tags.php (see 2nd note)


Ya you can mix one or more tag to be striped same time.

string strip_tags ( string $str [, string $allowable_tags ] )

check documentation

  • http://php.net/manual/en/function.strip-tags.php

if you want to strip new line as well solution will be before stripping you can use nl2br

  • http://php.net/manual/en/function.nl2br.php

so

echo strip_tags(nl2br($text), '<br>');
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜