www.webdeveloper.com

Thread: Removing Tags

  1. #1
    Join Date
    Apr 2009
    Posts
    346

    Removing Tags

    I'm trying to only allow certain tags for text that is input through a text editor. I've got the following code that all text is filtered through first:

    PHP Code:
    $_content = strip_tags($_content, '<p></p><a></a><ul></ul><li></li><h1></h1>');
    My understanding is that this will allow the tags above and strip the rest out, but I noticed <span> and <font> tags are making it through.

    Is there another function to use to strip out the <span> or <font> tags or am I misusing the strip_tags function?

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    21,426
    You don't need to include the closing tags in the allowed tag list. Maybe that's what's confusing things? See if it makes any difference with '<p><a><ul><li><h1>'.

    On a side note, be aware that it won't by itself prevent something like the following if you allow the <p> tag, for instance:
    Code:
    <p onmouseover='window.location("http://www.example.com/annoying_page");'>
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework
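
Added example (not part of any post in this thread): strip_tags() filters on element names only, so attributes such as the onmouseover handler shown above stay on any allowed tag. The sketch below parses the markup with DOMDocument and applies an allowlist to both tags and attributes; the function name sanitize_fragment, the attribute policy and the href scheme check are assumptions, and the tag list is the one from the first post.

```php
<?php
// Added example, not from the thread. Tag list is the original poster's;
// the attribute and URL policy below is an assumption.
const ALLOWED_TAGS      = ['p', 'a', 'ul', 'li', 'h1'];
const ALLOWED_ATTRS     = ['a' => ['href']];      // every other attribute is dropped
const DROP_WITH_CONTENT = ['script', 'style'];    // remove the element and its text

function sanitize_fragment(string $html): string
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);     // tolerate sloppy editor markup
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html);  // prolog forces UTF-8
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    // Snapshot the elements before mutating the tree.
    $elements = iterator_to_array((new DOMXPath($doc))->query('.//*', $body));
    foreach ($elements as $el) {
        $tag = strtolower($el->nodeName);
        if (in_array($tag, DROP_WITH_CONTENT, true)) {
            $el->parentNode->removeChild($el);
        } elseif (!in_array($tag, ALLOWED_TAGS, true)) {
            while ($el->firstChild) {             // unwrap: keep text, drop the tag
                $el->parentNode->insertBefore($el->firstChild, $el);
            }
            $el->parentNode->removeChild($el);
        } else {
            foreach (iterator_to_array($el->attributes) as $attr) {
                $ok = in_array($attr->nodeName, ALLOWED_ATTRS[$tag] ?? [], true);
                // Allow only http(s), mailto, root-relative and fragment links.
                if ($ok && $attr->nodeName === 'href') {
                    $ok = preg_match('~^(https?:|mailto:|/|#)~i', trim($attr->value)) === 1;
                }
                if (!$ok) { $el->removeAttributeNode($attr); }
            }
        }
    }
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed input combining the cases raised in the thread.
echo sanitize_fragment("<p onmouseover='x()'>A <span style='font-family:courier'>test</span></p>"), "\n";
```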

  3. #3
    Join Date
    Apr 2009
    Posts
    346
    Quote Originally Posted by NogDog
    You don't need to include the closing tags in the allowed tag list. Maybe that's what's confusing things? See if it makes any difference with '<p><a><ul><li><h1>'.

    On a side note, be aware that it won't by itself prevent something like the following if you allow the <p> tag, for instance:
    Code:
    <p onmouseover='window.location("http://www.example.com/annoying_page");'>
    I tried it without the closing tags and it still allowed a <span> and <font> tag through.

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    21,426
    Have you considered using BBCode, or a WYSIWYG textarea plugin like TinyMCE? It can give you better overall control without you having to reinvent the wheel, so to speak.

  5. #5
    Join Date
    Apr 2009
    Posts
    346
    Quote Originally Posted by NogDog
    Have you considered using BBCode, or a WYSIWYG textarea plugin like TinyMCE? It can give you better overall control without you having to reinvent the wheel, so to speak.
    I'm using CKEditor and I don't want the customer to change the fonts because then it screws up the default font-size and makes the site look like crap. I just don't understand why strip_tags doesn't remove those tags. Maybe they're exempt.

  6. #6
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    21,426
    Have you tried dumping the actual variable being processed right before the call to strip_tags? Is it possible that CKEditor is doing something funky with the mark-up?

    In any case, this little test worked fine for me:
    PHP Code:
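    <?php
    // Sample markup containing a tag that is not in the allowed list
    $text = <<<EOD
    <p>This is a <span style='font-family:courier'>test</span></p>
    EOD;

    // Show the raw markup, then how it renders
    echo "<pre>" . htmlspecialchars($text) . "</pre>\n";
    echo $text;

    // Keep only <p> and <a>; the <span> should be stripped
    $filtered = strip_tags($text, '<p><a>');
    echo "<pre>" . htmlspecialchars($filtered) . "</pre>\n";
    echo $filtered;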
