strip tags allowed tags...
Posted: Tue Feb 15, 2005 4:47 am
by s.dot
Code:
$entry2 = str_replace($smilies, $smiliesimg, $entry);
$entry3 = str_replace("[IMG]", "<img src=", $entry2);
$entry4 = str_replace("[/IMG]", ">", $entry3);
$entry5 = str_replace("[QUOTE]", "<blockquote class='code'>", $entry4);
$entry6 = str_replace("[/QUOTE]", "</blockquote>", $entry5);
$entry7 = mysql_real_escape_string(nl2br(make_clickable(strip_tags($entry6, '<img>,<blockquote>'))));
This code effectively makes data safe for passing along to the database. However I have a problem in that the allowed tags for strip_tags (img and blockquote) can have any attribute fastened to them. What worries me is javascript event handlers like onmouseover, etc. Is there a way to strip all attributes from a tag? With the exception of class='code' for the blockquote tag.
Posted: Tue Feb 15, 2005 7:44 am
by feyd
regular expressions. Get the bible.
Posted: Tue Feb 15, 2005 3:21 pm
by s.dot
Wow, what a vague response.
Posted: Tue Feb 15, 2005 3:36 pm
by feyd
what, you expect us to give complete fully working and tested answers to all your questions? You're supposed to learn things here. Not find answers to all things.
Posted: Tue Feb 15, 2005 5:47 pm
by s.dot
No.
But,
"regular expressions. Get the bible."
That is extremely vague. There are complex books written on regular expressions. I need an idea of where to go. I do not expect fully functional written code.
As for me, when I know an answer to someone's question, I post an exact working code that will match their situation. Show them by doing. That's how I learn. So while I agree with your idea that people need to learn, I disagree with how you do it.
Posted: Tue Feb 15, 2005 5:56 pm
by feyd
if you read the regular expression threads listed in the useful posts thread, you should be able to find what you are looking for.. partly, at least.
Posted: Wed Feb 16, 2005 3:48 am
by timvw
apart from all the stuff you can find in this forum....
http://regexlib.com/ and many other sites can be helpful...
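
An added example, not part of the thread and not any poster's code: one way to address the attribute concern from the first post is to escape all HTML first and then build the `<img>` and `<blockquote class="code">` tags from validated BBCode with regular expressions, so no user-written attribute ever exists to strip. This is a different technique from stripping attributes after `strip_tags()`; `render_entry()` and the sample inputs are hypothetical, and smilies, `make_clickable()` and database escaping are left out.

```php
<?php
// Added example (not from the thread). render_entry() is a hypothetical name.
// Idea: escape everything the user typed, then emit only tags built here,
// so user-supplied attributes such as onmouseover never reach the page.

function render_entry(string $entry): string
{
    // 1. After this call no character of the input can open a tag or
    //    close an attribute value.
    $html = htmlspecialchars($entry, ENT_QUOTES, 'UTF-8');

    // 2. [QUOTE]...[/QUOTE] -> fixed tag carrying the one fixed attribute.
    //    Unbalanced leftovers simply stay visible as text.
    $html = preg_replace(
        '~\[QUOTE\](.*?)\[/QUOTE\]~is',
        '<blockquote class="code">$1</blockquote>',
        $html
    );

    // 3. [IMG]url[/IMG] -> <img> only for http(s) URLs containing no
    //    whitespace, quotes, angle brackets or square brackets.
    //    Anything else is left as escaped text, not turned into a tag.
    $html = preg_replace(
        '~\[IMG\](https?://[^\s"\'<>\[\]]+)\[/IMG\]~i',
        '<img src="$1" alt="">',
        $html
    );

    return nl2br($html);
}

// Constructed sample input: a valid image, two attempts to smuggle an
// event handler, and a non-http scheme that must not become a src value.
$samples = [
    '[IMG]http://example.com/cat.png[/IMG]',
    '[IMG]http://example.com/x.png onmouseover=alert(1)[/IMG]',
    '<img src=x onmouseover=alert(1)> [QUOTE]hello[/QUOTE]',
    '[IMG]javascript:alert(1)[/IMG]',
];

foreach ($samples as $s) {
    echo render_entry($s), "\n";
}
```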