strip tags allowed tags...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

strip tags allowed tags...

Post by s.dot »

Code: Select all

$entry2 = str_replace($smilies, $smiliesimg, $entry);
$entry3 = str_replace("&#1111;IMG]", "<img src=", $entry2);
$entry4 = str_replace("&#1111;/IMG]", ">", $entry3);
$entry5 = str_replace("&#1111;QUOTE]", "<blockquote class='code'>", $entry4);
$entry6 = str_replace("&#1111;/QUOTE]", "</blockquote>", $entry5);
$entry7 = mysql_real_escape_string(nl2br(make_clickable(strip_tags($entry6, '<img>,<blockquote>'))));
This code effectively makes data safe for passing along to the database. However I have a problem in that the allowed tags for strip_tags (img and blockquote) can have any attribute fastened to them. What worries me is javascript event handlers like onmouseover, etc. Is there a way to strip all attributes from a tag? With the exception of class='code' for the blockquote tag.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

regular expressions. Get the bible.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Wow, what a vague response.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

what, you expect us to give complete fully working and tested answers to all your questions? You're supposed to learn things here. Not find answers too all things.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

No.

But,
regular expressions. Get the bible.
That is extremely vague. There are complex books written on regular expressions. I need an idea of where to go. I do not expecting fully functional written code.

As for me, when I know an answer to someone's question, I post an exact working code that will match their situation. Show them by doing. That's how I learn. So while I agree with your idea that people need to learn, I dissagree with how you do it.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

if you read the regular expression threads listed in the userful posts thread, you should be able to find what you are looking for.. partly, at least.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

apart from all the stuff you can find in this forum....

http://regexlib.com/ and many other sites can be helpful...
Post Reply