[英]PHP htmlentities allow <b> and <i> only
<?php
$string = htmlentities($text);
$string = str_replace(array("<i>", "<b>", "</i>", "</b>"), array("<i>", "<b>", "</i>", "</b>"), $string);
# Sanitizer function - removes forbidden tags, including script tags
function strip_tags_attributes( $str,
$allowedTags = array('<a>','<b>','<blockquote>','<br>','<cite>','<code>','<del>','<div>','<em>','<ul>','<ol>','<li>','<dl>','<dt>','<dd>','<img>','<ins>','<u>','<q>','<h3>','<h4>','<h5>','<h6>','<samp>','<strong>','<sub>','<sup>','<p>','<table>','<tr>','<td>','<th>','<pre>','<span>'),
$disabledEvents = array('onclick','ondblclick','onkeydown','onkeypress','onkeyup','onload','onmousedown','onmousemove','onmouseout','onmouseover','onmouseup','onunload') )
{
if( empty($disabledEvents) ) {
return strip_tags($str, implode('', $allowedTags));
}
return preg_replace('/<(.*?)>/ies', "'<' . preg_replace(array('/javascript:[^\"\']*/i', '/(" . implode('|', $disabledEvents) . ")=[\"\'][^\"\']*[\"\']/i', '/\s+/'), array('', '', ' '), stripslashes('\\1')) . '>'", strip_tags($str, implode('', $allowedTags)));
}
對於您的示例,從$allowedTags
數組中刪除除<b>
和<i>
之外的所有內容。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.