Allow only <br>, <p>, and <a href in form ent

Citizen
Forum Contributor
Posts: 300
Joined: Wed Jul 20, 2005 10:23 am

Post by Citizen »

Basically, I've got a form where my users can type in information that's going to be echo'd out on a page.

The problem is, I only want <br>, <p>, and <a href to be allowed and not any other html.

How would I accomplish this?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

strip_tags() .. but you will need to filter the results further.
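
One way to do the further filtering mentioned above, as an added example that is not part of the original thread: strip_tags() removes every other tag, then the remaining markup is rebuilt from a DOM tree so that the only attribute left is an http/https href. The names sanitize_comment() and render_children() and the scheme allowlist are assumptions of this sketch.

```php
<?php
// Added example. Function names and the http/https allowlist are assumptions.
function sanitize_comment(string $html): string
{
    // Step 1: drop every tag except the three allowed ones.
    // strip_tags() keeps ALL attributes on allowed tags (onclick, style, ...).
    $html = strip_tags($html, '<br><p><a>');

    // Step 2: parse the remainder and re-emit it from the tree.
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // user markup is rarely well-formed
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();

    // The wrapper is the only <div>: strip_tags() removed any the user typed.
    $root = $doc->getElementsByTagName('div')->item(0);
    return $root ? render_children($root) : '';
}

function render_children(DOMNode $node): string
{
    $out = '';
    foreach ($node->childNodes as $child) {
        if ($child instanceof DOMText) {
            $out .= htmlspecialchars($child->nodeValue, ENT_QUOTES, 'UTF-8');
        } elseif ($child instanceof DOMElement) {
            $inner = render_children($child);
            $href  = trim($child->getAttribute('href'));
            if ($child->nodeName === 'br') {
                $out .= '<br>';
            } elseif ($child->nodeName === 'p') {
                $out .= '<p>' . $inner . '</p>';
            } elseif ($child->nodeName === 'a' && preg_match('#^https?://#i', $href)) {
                // Only http(s) targets stay links; javascript:, data: etc. do not.
                $out .= '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8')
                      . '">' . $inner . '</a>';
            } else {
                $out .= $inner; // anything else: keep the text, drop the element
            }
        }
    }
    return $out;
}

// Constructed sample input, not taken from the thread.
$input = '<p onclick="alert(1)">Hi <b>there</b><br><script>x()</script>'
       . '<a href="javascript:alert(1)">bad</a> <a href="https://example.com/?a=1&b=2" style="x">ok</a></p>';
echo sanitize_comment($input), "\n";
```

Note that strip_tags() removes the `<script>` tags themselves but leaves the text between them, which is then emitted as escaped plain text.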
ronverdonk
Forum Commoner
Posts: 34
Joined: Sat Jun 10, 2006 7:06 am
Location: Netherlands

Post by ronverdonk »

When you let users type data that you are echoing back, you'd better make sure that you validate everything! Have a look at the "Input filter" class at http://www.phpclasses.org/browse/package/2189.html.
This class can filter input of stray or malicious PHP, JavaScript or HTML tags and prevent cross-site scripting (XSS) attacks. It should be used to filter input supplied by the user, such as HTML code entered in form fields.
The nice thing is that this class also lets you define in the parameters what tags NOT to clean! Have a look.