
How do I get PHP strip_tags to remove HTML and Script tags but not XML?

I was using the PHP strip_tags() function to remove HTML tags from my text area input and to remove < script > tags to help guard against scripting attacks.

Anyway, oftentimes the user is going to need to input XML tags that are not known in advance. However, my strip_tags function is removing these benign XML tags as well, which is not acceptable.

Also, I'll sometimes put filename.< date>.png (had to add a space there because StackOverflow removed it as well lol) to indicate variable parts of a file name or path. In this case what I end up with is filename..png after strip_tags is run.

Any help would be greatly appreciated.

It is not possible to make strip_tags not remove unknown tags. You may want to look at DOMDocument for a viable alternative.

strip_tags() is defined as removing all HTML/XML tags (other than the individual tags specified in the second argument). There is no distinction between the two types of tags, nor between that and <date> used as a placeholder -- all three look like tags to strip_tags(), so it removes them.

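// $allowedTags: array of tag names to keep (not defined in this snippet).
// Temporarily rename the XML declaration so strip_tags() leaves it alone.
$s = preg_replace("/<\?xml(.*?)\?>/i", "<xmlDeclaration$1>", $s);
$s = strip_tags($s, '<xmlDeclaration><' . implode('><', $allowedTags) . '>');
// Restore the XML declaration.
$s = preg_replace("/<xmlDeclaration(.*?)>/i", "<?xml$1?>", $s);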
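Added example, not part of the original answers: it reproduces the behaviour described above on a constructed input, then goes beyond the answers by keeping the input unchanged and encoding it with htmlspecialchars() when it is written into the page. The names `html_text` and `render_note` are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample input: user XML, a <date> placeholder and a script tag.
$input = 'Save as filename.<date>.png <config><item id="1"/></config>'
       . '<script>alert(1)</script>';

// strip_tags() cannot tell these apart: every tag-shaped token is removed,
// and the text inside <script> is left behind.
$stripped = strip_tags($input);

// Hypothetical helper (name is an assumption): encode at output time so the
// browser shows the characters as text instead of parsing them as markup.
function html_text(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer: the same raw value placed in element content and
// re-displayed in the textarea it was typed into.
function render_note(string $raw): string
{
    $safe = html_text($raw);
    return "<p>{$safe}</p>\n<textarea name=\"note\">{$safe}</textarea>";
}

$html = render_note($input);

echo "input      : {$input}\n";
echo "strip_tags : {$stripped}\n";
echo "rendered   :\n{$html}\n";

// Encoding is lossless: decoding returns the exact bytes the user submitted,
// so the XML and the placeholder survive storage and display.
var_dump(htmlspecialchars_decode(html_text($input), ENT_QUOTES) === $input);

// No '<' from the user input reaches the page unencoded.
var_dump(strpos(html_text($input), '<') === false);
```

This encoding fits HTML element content and quoted attribute values; a value written into a script block or a URL needs the encoding for that context instead.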
