Version: 1.0
Type: Function
Category: HTML
License: GNU General Public License
Description: I got the idea from the safeHTML snippet elsewhere in PHPbuilder. I wanted more control, and I wanted it to escape all the other extra < and > characters.
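<?php
/*
Questions, comments, ideas, or improvements: [email protected]

safeHTML() takes a string by reference and rewrites it in place so that only
the tags and attributes listed in $approvedtags survive as markup. Everything
else, including non-approved tags and any stray '<' or '>', is converted to
HTML entities. Non-approved attributes on approved tags are dropped.

Security notes for anyone using this on untrusted input:
  - Approved attributes are never copied through verbatim. Each one is parsed
    into name/value, the value is entity-decoded, checked, and written back as
    name="escaped value", so a value cannot smuggle in a second attribute.
  - href values are restricted to an allow-list of URL schemes (or a relative
    URL); script-capable schemes such as javascript: are rejected.
  - A literal '<' is always emitted as &lt;, never as a raw '<'.
  - This is a string tokenizer, not an HTML parser. For anything beyond simple
    comment formatting, a maintained sanitizer library (e.g. HTML Purifier)
    is the safer choice.
*/

/**
 * Reduce $str to an allow-listed subset of HTML, escaping everything else.
 *
 * @param string $str Input markup; replaced in place with the sanitized result.
 * @return void
 */
function safeHTML(&$str)
{
    // Tag name => attribute names permitted on that tag.
    $approvedtags = array(
        "p"          => array('align'),
        "b"          => array(),
        "i"          => array(),
        "a"          => array('href', 'target'),
        "em"         => array(),
        "br"         => array(),
        "strong"     => array(),
        "blockquote" => array(),
        "tt"         => array(),
        "hr"         => array('align', 'width', 'size', 'noshade'),
        "li"         => array('type'),
        "ol"         => array('type', 'start'),
        "ul"         => array('type'),
        "pre"        => array(),
    );

    // Attributes whose value is a URL, and the only schemes accepted there.
    $urlAttributes  = array('href');
    $allowedSchemes = array('http', 'https', 'ftp', 'mailto');

    // ENT_QUOTES so escaped values are safe inside a quoted attribute;
    // ENT_SUBSTITUTE so invalid byte sequences do not blank the whole string.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;

    // split() was removed in PHP 7; explode() does the same literal split.
    $string = '';
    $text   = explode('<', (string) $str);

    foreach ($text as $index => $value) {
        // Everything before the first '<' is plain text, even if it has a '>'.
        if ($index === 0) {
            $string .= htmlentities($value, $flags);
            continue;
        }

        // Limit 2: keep any later '>' as part of the text after the tag.
        $temp = explode('>', $value, 2);

        // Not a complete tag, not a well-formed tag name, or not approved:
        // the '<' that introduced this segment is literal text.
        if (count($temp) < 2
            || !preg_match('/^(\/?)([a-z][a-z0-9]*)(?=$|[\s\/])(.*)$/is', $temp[0], $tag)
            || !isset($approvedtags[strtolower($tag[2])])
        ) {
            $string .= '&lt;' . htmlentities($value, $flags);
            continue;
        }

        $name    = strtolower($tag[2]);
        $string .= '<' . $tag[1] . $name;

        // Closing tags carry no attributes; only opening tags are scanned.
        if ($tag[1] === '' && count($approvedtags[$name]) > 0) {
            // name, name=value, name="value" or name='value'
            preg_match_all(
                '/([a-z][a-z0-9_-]*)(?:\s*=\s*(?|"([^"]*)"|\'([^\']*)\'|([^\s"\'=<>`]+)))?/i',
                $tag[3],
                $found,
                PREG_SET_ORDER
            );

            $seen = array();
            foreach ($found as $attribute) {
                $attrName = strtolower($attribute[1]);
                if (isset($seen[$attrName]) || !in_array($attrName, $approvedtags[$name], true)) {
                    continue;
                }
                // Only the first occurrence counts, even if it is rejected below.
                $seen[$attrName] = true;

                // Valueless attribute such as "noshade".
                if (count($attribute) < 3) {
                    $string .= ' ' . $attrName;
                    continue;
                }

                // Decode first so the check sees the same value a browser
                // will see once it decodes the re-escaped output.
                $attrValue = html_entity_decode($attribute[2], $flags);

                if (in_array($attrName, $urlAttributes, true)) {
                    // Browsers ignore control characters and whitespace when
                    // reading the scheme, so ignore them for the check too.
                    $probe = preg_replace('/[\x00-\x20]+/', '', $attrValue);
                    if (preg_match('/^([^\/?#:]*):/', $probe, $scheme)
                        && !in_array(strtolower($scheme[1]), $allowedSchemes, true)
                    ) {
                        continue;
                    }
                }

                $string .= ' ' . $attrName . '="' . htmlentities($attrValue, $flags) . '"';
            }
        }

        $string .= '>' . htmlentities($temp[1], $flags);
    }

    $str = $string;
}
?>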