
Allow only <br>, <p>, and <a href in form ent

Posted: Tue Aug 08, 2006 1:43 pm
by Citizen
Basically, I've got a form where my users can type in information that's going to be echo'd out on a page.

The problem is, I only want <br>, <p>, and <a href to be allowed and not any other html.

How would I accomplish this?

Posted: Tue Aug 08, 2006 1:50 pm
by feyd
strip_tags() .. but you will need to filter the results further.
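
The two steps from the reply above (strip_tags(), then further filtering of what it leaves behind), as an added example that is not part of the original thread. sanitize_user_html() is a hypothetical helper name, and the accepted link schemes (http, https, mailto) are an assumption.

```php
<?php
// Added example; sanitize_user_html() is a hypothetical helper name.
function sanitize_user_html(string $input): string
{
    // 1. strip_tags() removes every element except the listed ones, but it
    //    leaves their attributes (onclick, style, javascript: links) intact.
    $html = strip_tags($input, '<br><p><a>');

    // 2. Parse the remainder so attributes are filtered on real nodes
    //    (the parser also decodes entities such as &#106;avascript:).
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true);   // silence markup warnings
    $doc->loadHTML(
        '<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '</head><body><div>' . $html . '</div></body></html>'
    );
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $root  = $doc->getElementsByTagName('div')->item(0);
    $xpath = new DOMXPath($doc);

    foreach ($xpath->query('.//*', $root) as $element) {
        // Copy the attribute list first: removing while iterating skips nodes.
        foreach (iterator_to_array($element->attributes) as $attribute) {
            $keep = $element->nodeName === 'a'
                && $attribute->nodeName === 'href'
                // 3. Allowlist the URL scheme (assumed set); anything else loses its href.
                && preg_match('~^(?:https?://|mailto:)~i', $attribute->nodeValue) === 1;
            if (!$keep) {
                $element->removeAttributeNode($attribute);
            }
        }
    }

    // 4. Serialize only the children of the wrapper <div>.
    $clean = '';
    foreach ($root->childNodes as $child) {
        $clean .= $doc->saveHTML($child);
    }
    return $clean;
}

// Constructed sample input, not taken from the thread.
$sample = '<p onclick="steal()">Hi <b>there</b><br>'
        . '<a href="https://example.com/" style="x">ok</a> '
        . '<a href="javascript:alert(1)">bad</a></p><script>alert(2)</script>';
echo sanitize_user_html($sample), "\n";
```

Run the function on the stored value at output time, or once before storage, but never echo the raw form field.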

Posted: Tue Aug 08, 2006 5:25 pm
by ronverdonk
When you let users type data that you are echoing back, you'd better make sure that you validate everything! Have a look at the "Input filter" class at http://www.phpclasses.org/browse/package/2189.html.
This class can filter input of stray or malicious PHP, JavaScript or HTML tags and prevent cross-site scripting (XSS) attacks. It should be used to filter input supplied by the user, such as HTML code entered in form fields.
The nice thing is that this class also lets you define in the parameters what tags NOT to clean! Have a look.