
PHP form clean-up?

I need to sanitize the form input for a textarea field.

The opening tag can allow b,strong,i,em,u,br,span,a,p,ul,ol,li - it can also have style="". But remove all others: class="", id="", javascript, etc.

The closing tag can only be </ and one of b,strong,i,em,u,br,span,a,p,ul,ol,li and >. Nothing else is allowed inside the closing tag.

All other brackets will be removed with PHP strip_tags.

Not sure what the regex should look like - any help?

Something like...

$input= strip_tags($input, "<b><strong><i><em><u><br><span><a><p><ul><ol><li>");

$input= input_sanitize($input);
echo $input;

function input_sanitize($value) {
    // first, sanitize the opening tags
    $value = preg_replace(
        "/".
        "<(b|strong|i|em|u|br|span|a|p|ul|ol|li)".
        "(.*?)".
        "(((style\=('|\")(.+?)('|\"))*?)(.*?)((href\=('|\")(.+?)('|\"))*?))".
        "(.*?)>/im", 
            "<$1 $3 $5>", 
            $value);
    // second, sanitize the closing tags
    $value = preg_replace(
        "/<\/(.*?)(b|strong|i|em|u|br|span|a|p|ul|ol|li)(.*?)>/im",
        "</$2>",
        $value);
    return $value;
}

Anyone good at regex? :D

Regarding security, I recommend using a stable and secure solution such as HTML Purifier.
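
An HTML Purifier configuration matching the allowlist in the question, as an added example that is not part of the original post or answer. It assumes HTML Purifier is installed through Composer (package `ezyang/htmlpurifier`); the function name `sanitize_textarea`, the list of permitted CSS properties, and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. Assumes HTML Purifier was
// installed with Composer (package ezyang/htmlpurifier).
require_once __DIR__ . '/vendor/autoload.php';

// Hypothetical helper name, chosen for this example.
function sanitize_textarea(string $dirty): string
{
    $config = HTMLPurifier_Config::createDefault();

    // Allowlist from the question: only these elements survive, and only
    // style (plus href on <a>) is kept as an attribute. class, id, on*
    // handlers and every other attribute are dropped by the parser.
    $config->set('HTML.Allowed',
        'b[style],strong[style],i[style],em[style],u[style],br,' .
        'span[style],a[href|style],p[style],ul[style],ol[style],li[style]');

    // style="" is parsed, not copied through: restrict it to a few
    // presentational properties (this list is an assumption; adjust it
    // to what the form actually needs).
    $config->set('CSS.AllowedProperties',
        ['color', 'background-color', 'font-weight', 'font-style',
         'text-decoration', 'text-align']);

    // Links may only use these schemes, so javascript: URLs are removed.
    $config->set('URI.AllowedSchemes',
        ['http' => true, 'https' => true, 'mailto' => true]);

    // Demo choice: disable the on-disk definition cache so the example
    // needs no writable cache directory.
    $config->set('Cache.DefinitionImpl', null);

    return (new HTMLPurifier($config))->purify($dirty);
}

// Constructed sample input covering the cases named in the question:
// disallowed attributes, an event handler, a script URL, a disallowed
// element, and junk inside a closing tag.
$dirty = '<p class="x" id="y" style="color:red" onclick="alert(1)">Hi '
       . '<a href="javascript:alert(1)" style="font-weight:bold">link</a>'
       . '<script>alert(1)</script></p junk>';

echo sanitize_textarea($dirty), PHP_EOL;
```

Because the library parses the markup and rebuilds it from the allowlist, the separate `strip_tags` pass and the opening/closing tag regexes are not needed in front of it.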
