Okay, I have it all set to remove ALL tags and their attributes that I don't want. Now I just have to strip the attributes from any remaining tags. Anyone know of something that will strip all attributes from any tag, but leave the tag in tact? So <p junk=junk> would be <p> and </p more junk> would be </p>. I just need this to work for any tag, no just <p>. Any suggestions for this?
Thanks, Matt "Jochem Maas" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Matt Palermo wrote: > > > I am building a system which allows users to post data. I want to allow > > them to use ONLY certain tags such as <p>, </p>, <b>, </b>, <i>, </i>, > > etc... I want to allow them to use only these, and then strip out ALL > > attributes inside the tags. So if they input something like <p junk=junk>, > > it would switch it to just <p>. Anyone know of a way this can be done? > > regular expressions, heres an example: > > <?php > > $input = 'this <div>is some</div> <u><b class="haxor">bad</b></u> HTML'; > echo "{$input}\n"; > $input = preg_replace('/<\/?[^pbiu\/][^>]*>/', '', $input); > echo "{$input}\n"; > $input = preg_replace('/<([pbiu])[^>]*>/', '<\1>', $input); > echo "{$input}\n"; > $input = str_replace('bad', 'good', $input); > echo "{$input}\n"; > > ?> > > you might also think about stripping <script> tags etc. > try taking a look at some forum code (e.g. phpbb.com) to see how they do > it. > > no doubt that some real regexp wizard could perform the above > replacements in a single regexp but hopefully it gives you an idea... if > your not yet familiar with regexps then I strongly recommend you read > the relevant part of the manual - they are very handy things indeed. > > > > > Thanks, > > > > Matt Palermo > > http://sweetphp.com > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php