

By James Thomsen
on October 13, 2002

Version: 1.0

Type: Function

Category: HTML

License: GNU General Public License

Description: I got the idea from the safeHTML snippet elsewhere on PHPBuilder. I wanted more control, and I wanted it to escape all the other, extra < and > characters.

/*Questions, comments, ideas, or improvements: [email protected]
This takes a string by reference and allows only the tags and attributes listed in the approvedtags array.  All non-approved tags are converted to the corresponding HTML entities.  All non-approved attributes are removed (I hope)  =P  */

/**
 * Filters the markup in $str in place against a per-tag attribute allowlist
 * and writes the result back through the reference.
 *
 * NOTE(review): the listing is incomplete as shown. The $approvedtags array is
 * never closed, no closing braces appear, and $text, $temp, $attributes and
 * $string are used without a visible assignment. The comments below describe
 * only what the visible lines establish; anything else is marked as an
 * assumption.
 *
 * NOTE(review): the visible checks work on attribute names only. Before
 * relying on this for untrusted input, confirm that attribute values are
 * validated as well, or use a maintained HTML sanitizer instead of string
 * splitting.
 *
 * @param string $str Passed by reference; overwritten with the filtered text.
 */
function safeHTML(&$str){
	// Allowlist: tag name => attribute names permitted on that tag.
	$approvedtags = array(
	// NOTE(review): 'href' is approved by name. No visible line inspects the
	// attribute value, so a URL-scheme allowlist (for example http, https,
	// mailto) would still be needed to keep script-bearing schemes out of
	// links. Confirm against the full source.
	"a"=>array('href', 'target'),
	"hr"=>array('align', 'width', 'size', 'noshade'),
	"ol"=>array('type', 'start'),
	// List of approved tag names; not referenced again in the visible lines.
	$keys = array_keys($approvedtags);
	// First-iteration flag: set here, tested below, cleared after the first pass.
	$first = 1;
	// $text is not assigned in the visible lines; presumably $str split on '<'. TODO confirm.
	foreach($text as $value){
		// $temp is not assigned in the visible lines; presumably $value split on '>'. TODO confirm.
		if(count($temp) > 1){
			// NOTE(review): split() was deprecated in PHP 5.3 and removed in
			// PHP 7.0; explode(' ', ...) is the replacement for a literal
			// delimiter. Splitting on a single space also means attributes
			// separated by tabs or newlines, or quoted values containing
			// spaces, do not come out as one token per attribute.
			$tag=split(' ',$temp[0]);
			// True when the first token starts with '/', presumably a closing tag.
			if($tag[0][0] == '/'){
				// NOTE(review): the bound is <=, so the last pass reads
				// $tag[count($tag)], one past the final index, unless a line
				// missing from this listing guards it.
				for($i=1; $i<=count($tag); $i++){
					// Tests $attributes[0] against the names approved for this
					// tag. $attributes is not assigned in the visible lines;
					// presumably $tag[$i] split on '='. TODO confirm.
					// in_array() is called without its strict flag, and the tag
					// name is used as an array key exactly as it was parsed.
					if(in_array($attributes[0], $approvedtags[$tag[0]])){
						// Appends the whole token (name and value) to the
						// output unchanged; the value is not escaped or
						// checked on this line.
						$string.=' '.$tag[$i];
			// Tests the first-iteration flag; the statement it guards is not visible here.
			if( ! $first){
			// NOTE(review): htmlentities() is called with its default flags
			// and encoding. Before PHP 8.1 the default leaves single quotes
			// unencoded; passing ENT_QUOTES | ENT_SUBSTITUTE and 'UTF-8'
			// explicitly makes the escaping independent of the PHP version.
			$string .= htmlentities($value);
		$first = 0;
	// Overwrite the caller's variable with the accumulated output.
	$str = $string;