strip tags allowed tags...

Posted: Tue Feb 15, 2005 4:47 am
by s.dot

$entry2 = str_replace($smilies, $smiliesimg, $entry);
$entry3 = str_replace("[IMG]", "<img src=", $entry2);
$entry4 = str_replace("[/IMG]", ">", $entry3);
$entry5 = str_replace("[QUOTE]", "<blockquote class='code'>", $entry4);
$entry6 = str_replace("[/QUOTE]", "</blockquote>", $entry5);
$entry7 = mysql_real_escape_string(nl2br(make_clickable(strip_tags($entry6, '<img>,<blockquote>'))));

This code effectively makes data safe for passing along to the database. However, I have a problem in that the allowed tags for strip_tags (img and blockquote) can have any attribute fastened to them. What worries me is JavaScript event handlers like onmouseover, etc. Is there a way to strip all attributes from a tag? With the exception of class='code' for the blockquote tag.

Posted: Tue Feb 15, 2005 7:44 am
by feyd
regular expressions. Get the bible.

Posted: Tue Feb 15, 2005 3:21 pm
by s.dot
Wow, what a vague response.

Posted: Tue Feb 15, 2005 3:36 pm
by feyd
What, you expect us to give complete fully working and tested answers to all your questions? You're supposed to learn things here. Not find answers to all things.

Posted: Tue Feb 15, 2005 5:47 pm
by s.dot
No.

But,
"regular expressions. Get the bible."
That is extremely vague. There are complex books written on regular expressions. I need an idea of where to go. I do not expect fully functional written code.

As for me, when I know an answer to someone's question, I post an exact working code that will match their situation. Show them by doing. That's how I learn. So while I agree with your idea that people need to learn, I disagree with how you do it.

Posted: Tue Feb 15, 2005 5:56 pm
by feyd
If you read the regular expression threads listed in the useful posts thread, you should be able to find what you are looking for.. partly, at least.

Posted: Wed Feb 16, 2005 3:48 am
by timvw
apart from all the stuff you can find in this forum....

http://regexlib.com/ and many other sites can be helpful...
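
An added example, not part of the original thread: one way to end up with img and blockquote tags that carry no user-controlled attributes, the concern raised in the first post, is to escape all HTML first and then generate those two tags from the BBCode with regular expressions. The function name render_entry and the sample input are constructed for illustration; smilies, make_clickable and SQL escaping are left out.

```php
<?php
// Added example, not from the thread. render_entry() is a hypothetical name.

function render_entry(string $entry): string
{
    // 1. Escape everything the user typed, so no tag or attribute in the
    //    output can come from the user's input.
    $html = htmlspecialchars($entry, ENT_QUOTES, 'UTF-8');

    // 2. [IMG]url[/IMG] becomes an <img> with a src attribute only, and only
    //    for http(s) URLs without whitespace, quotes or angle brackets.
    $html = preg_replace_callback(
        '~\[IMG\](.*?)\[/IMG\]~is',
        function (array $m): string {
            $url = trim($m[1]);
            if (preg_match('~^https?://[^\s"\'<>]+$~i', $url)) {
                return '<img src="' . $url . '" alt="">';
            }
            return $m[0]; // rejected: the BBCode stays visible as plain text
        },
        $html
    );

    // 3. Paired [QUOTE]...[/QUOTE] becomes the fixed blockquote markup from
    //    the post; the class attribute is a literal, never user-supplied.
    $html = preg_replace(
        '~\[QUOTE\](.*?)\[/QUOTE\]~is',
        '<blockquote class="code">$1</blockquote>',
        $html
    );

    return nl2br($html);
}

// Constructed sample input: one valid image, one image tag with an extra
// attribute appended, one raw tag with an event handler, one quote.
$sample = "[IMG]http://example.com/a.png[/IMG]\n"
        . "[IMG]http://example.com/a.png onmouseover=alert(1)[/IMG]\n"
        . "<img src=x onmouseover=alert(1)>\n"
        . "[QUOTE]quoted text[/QUOTE]";

echo render_entry($sample), "\n";
```

Because the only markup in the output is written by the function itself, strip_tags and its allowed-tags list are no longer needed for this step.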