www.webdeveloper.com

Thread: Removing Tags

  1. #1
    Join Date
    Apr 2009
    Posts
    346

    Removing Tags

    I'm trying to only allow certain tags for text that is input through a text editor. I've got the following code that all text is filtered through first:

    PHP Code:
    $_content = strip_tags($_content, '<p></p><a></a><ul></ul><li></li><h1></h1>');
    My understanding is that this will allow the tags above and strip the rest out, but I noticed <span> and <font> tags are making it through.

    Is there another function to use to strip out the <span> or <font> tags or am I misusing the strip_tags function?

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,224
    You don't need to include the closing tags in the allowed tag list. Maybe that's what's confusing things? See if it makes any difference with '<p><a><ul><li><h1>'.

    On a side note, be aware that it won't by itself prevent something like the following if you allow the <p> tag, for instance:
    Code:
    <p onmouseover='window.location("http://www.example.com/annoying_page");'>
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us
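
The side note in post #2 is the security-relevant point of this thread: strip_tags() filters tag names only and leaves every attribute of an allowed tag in place. The following is an added example, not code from the thread, showing one way to enforce a tag allowlist and an attribute allowlist together using PHP's DOM extension; the names ALLOWED_TAGS, ALLOWED_ATTRS and sanitize_html are hypothetical.

```php
<?php
// Added example, not from the thread. The allowlists are assumptions based on
// the tags the original poster wanted to keep; adjust them to your editor.
const ALLOWED_TAGS  = ['p', 'a', 'ul', 'li', 'h1'];
const ALLOWED_ATTRS = ['a' => ['href']];   // every other attribute is removed

function sanitize_html(string $html): string
{
    $doc = new DOMDocument();
    // The XML-declaration prefix makes libxml read the input as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    // Snapshot the node list first, because the loop rewrites the tree.
    $nodes = (new DOMXPath($doc))->query('.//* | .//comment()', $body);
    foreach (iterator_to_array($nodes) as $el) {
        $tag = strtolower($el->nodeName);
        if ($el instanceof DOMComment || $tag === 'script' || $tag === 'style') {
            $el->parentNode->removeChild($el);        // drop together with its content
            continue;
        }
        if (!in_array($tag, ALLOWED_TAGS, true)) {
            // Unwrap: keep the children, drop the tag itself, as strip_tags() would.
            while ($el->firstChild !== null) {
                $el->parentNode->insertBefore($el->firstChild, $el);
            }
            $el->parentNode->removeChild($el);
            continue;
        }
        // Allowed tag: keep only allowlisted attributes; href must also be an
        // absolute http(s) or mailto URL, which rules out javascript: and data:.
        foreach (iterator_to_array($el->attributes) as $attr) {
            $ok = in_array($attr->nodeName, ALLOWED_ATTRS[$tag] ?? [], true)
                && ($attr->nodeName !== 'href'
                    || preg_match('#^(https?://|mailto:)#i', trim($attr->nodeValue)));
            if (!$ok) {
                $el->removeAttributeNode($attr);
            }
        }
    }
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes)));
}

// Constructed input combining the two snippets posted in the thread.
$dirty = "<p onmouseover='window.location(\"http://www.example.com/annoying_page\");'>"
       . "This is a <span style='font-family:courier'>test</span></p>";
echo sanitize_html($dirty), "\n";
```

Unlike strip_tags(), this drops script and style elements together with their text content, and it runs server-side on the submitted markup regardless of what the editor in the browser was configured to allow.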

  3. #3
    Join Date
    Apr 2009
    Posts
    346
    Quote Originally Posted by NogDog View Post
    You don't need to include the closing tags in the allowed tag list. Maybe that's what's confusing things? See if it makes any difference with '<p><a><ul><li><h1>'.

    On a side note, be aware that it won't by itself prevent something like the following if you allow the <p> tag, for instance:
    Code:
    <p onmouseover='window.location("http://www.example.com/annoying_page");'>
    I tried it without the closing tags and it still allowed a <span> and <font> tag through.

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,224
    Have you considered using BBCode, or a WYSIWYG textarea plugin like TinyMCE? It can give you better overall control without you having to reinvent the wheel, so to speak.

  5. #5
    Join Date
    Apr 2009
    Posts
    346
    Quote Originally Posted by NogDog View Post
    Have you considered using BBCode, or a WYSIWYG textarea plugin like TinyMCE? It can give you better overall control without you having to reinvent the wheel, so to speak.
    I'm using CKEditor and I don't want the customer to change the fonts because then it screws up the default font-size and makes the site look like crap. I just don't understand why strip_tags doesn't remove those tags. Maybe they're exempt.

  6. #6
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,224
    Have you tried dumping the actual variable being processed right before the call to strip_tags? Is it possible that CKEditor is doing something funky with the mark-up?

    In any case, this little test worked fine for me:
    PHP Code:
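    <?php
    $text = <<<EOD
    <p>This is a <span style='font-family:courier'>test</span></p>
    EOD;

    // Show the raw input escaped, then as the browser renders it
    echo "<pre>" . htmlspecialchars($text) . "</pre>\n";
    echo $text;

    // Allow only <p> and <a>; the <span> should be stripped
    $filtered = strip_tags($text, '<p><a>');
    echo "<pre>" . htmlspecialchars($filtered) . "</pre>\n";
    echo $filtered;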