$var = preg_replace( "/<\s*([a-z]+)([^>]*)>/i" , "<//1>" , $var );
special action on the closing tags is not necc. as they don't contain any attributes.
-- red
Matt Palermo wrote:
Okay, I have it all set to remove ALL tags and their attributes that I don't want. Now I just have to strip the attributes from any remaining tags. Anyone know of something that will strip all attributes from any tag, but leave the tag in tact? So <p junk=junk> would be <p> and </p more junk> would be </p>. I just need this to work for any tag, no just <p>. Any suggestions for this?
Thanks,
Matt
"Jochem Maas" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
Matt Palermo wrote:
I am building a system which allows users to post data. I want to allow them to use ONLY certain tags such as <p>, </p>, <b>, </b>, <i>, </i>, etc... I want to allow them to use only these, and then strip out ALL attributes inside the tags. So if they input something like <p
junk=junk>,
it would switch it to just <p>. Anyone know of a way this can be done?
regular expressions, heres an example:
<?php
$input = 'this <div>is some</div> <u><b class="haxor">bad</b></u> HTML'; echo "{$input}\n"; $input = preg_replace('/<\/?[^pbiu\/][^>]*>/', '', $input); echo "{$input}\n"; $input = preg_replace('/<([pbiu])[^>]*>/', '<\1>', $input); echo "{$input}\n"; $input = str_replace('bad', 'good', $input); echo "{$input}\n";
?>
you might also think about stripping <script> tags etc. try taking a look at some forum code (e.g. phpbb.com) to see how they do it.
no doubt that some real regexp wizard could perform the above replacements in a single regexp but hopefully it gives you an idea... if your not yet familiar with regexps then I strongly recommend you read the relevant part of the manual - they are very handy things indeed.
Thanks,
Matt Palermo http://sweetphp.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
