Note that allowing anchor tags or href attributes opens up another potential security hole that this solution won't protect against


<?php
function stripUnwantedTagsAndAttrs($html_str) {
  $xml = new DOMDocument();
  // Suppress warnings: proper error handling is out of scope for this example
  libxml_use_internal_errors(true);
  // List the tags we want to allow here. Note you must allow html and body or the whole string may end up being removed
  $allowed_tags = array("html", "body", "b", "br", "em", "hr", "i", "li", "ol", "p", "s", "span", "table", "tr", "td", "u", "ul");
  // List the attributes we want to allow here
  $allowed_attrs = array("class", "id", "style");
  if (!strlen($html_str)) {
    return false; // nothing to sanitize
  }
  if ($xml->loadHTML($html_str, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD)) {
    // Copy the live node list first: removing nodes while iterating it skips elements
    foreach (iterator_to_array($xml->getElementsByTagName("*")) as $tag) {
      if (!in_array($tag->tagName, $allowed_tags)) {
        $tag->parentNode->removeChild($tag);
      } else {
        // Same for the live attribute map
        foreach (iterator_to_array($tag->attributes) as $attr) {
          if (!in_array($attr->nodeName, $allowed_attrs)) {
            $tag->removeAttribute($attr->nodeName);
          }
        }
      }
    }
  }
  return $xml->saveHTML();
}
?>
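One way to close the href hole mentioned above if anchors are allowed, as an added example that is not part of the original page: the same DOMDocument allowlist approach, with `href` kept on `<a>` only when its scheme is http, https or mailto. The names `isSafeHref` and `sanitizeHtmlWithLinks`, the reduced tag and attribute lists, and the sample input are assumptions made for this illustration.

```php
<?php
// Added example; function names and the sample input are constructed.
function isSafeHref(string $href): bool
{
    // Browsers drop tabs, newlines and leading control characters from a
    // URL, so remove them before looking at the scheme.
    $clean = preg_replace('/[\x00-\x20\x7F]+/', '', $href);
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $clean, $m)) {
        return in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true);
    }
    return true; // no scheme: relative URL or fragment
}

function sanitizeHtmlWithLinks(string $html): string
{
    $allowedTags  = ['html', 'body', 'a', 'b', 'br', 'em', 'i', 'li', 'ol', 'p', 'u', 'ul'];
    $allowedAttrs = ['class', 'id'];
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    if ($html === '' || !$doc->loadHTML($html)) {
        return '';
    }
    // Copy the live node list first; removing nodes while iterating it skips elements.
    foreach (iterator_to_array($doc->getElementsByTagName('*')) as $tag) {
        if (!in_array($tag->tagName, $allowedTags, true)) {
            $tag->parentNode->removeChild($tag);
            continue;
        }
        foreach (iterator_to_array($tag->attributes) as $attr) {
            // DOMDocument has already decoded entities such as &#x09; in the value.
            $isHref = $tag->tagName === 'a' && $attr->nodeName === 'href';
            $keep = $isHref ? isSafeHref($attr->nodeValue) : in_array($attr->nodeName, $allowedAttrs, true);
            if (!$keep) {
                $tag->removeAttribute($attr->nodeName);
            }
        }
    }
    // Serialise only what ended up inside <body>.
    $out  = '';
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body !== null) {
        foreach ($body->childNodes as $child) { $out .= $doc->saveHTML($child); }
    }
    return $out;
}

// Constructed sample: one acceptable link, three that must lose their href.
$sample = '<p onclick="x()"><a href="https://example.com/" class="ext">ok</a> <a href="javascript:void(0)">js</a> '
    . '<a href=" jav&#x09;ascript:void(0)">tab</a> <a href="data:text/html,hi">data</a><script>void(0)</script></p>';
echo sanitizeHtmlWithLinks($sample), "\n";
```

The scheme check runs on the decoded attribute value, so entity-encoded or whitespace-split schemes are judged the way a browser would resolve them.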

If you want to get valid tags, use the strip_attrs option, though it doesn't guarantee that tags are well-balanced or used in a compatible context.

After upgrading from v7.3.3 to v7.3.8, it seems that nested "php tags" inside a string are no longer being stripped correctly by strip_tags().

<?php
$data = 'Each
NewLine';
$new = strip_tags($data, '');
var_dump($new); // OUTPUTS string(11) "EachNewLine"
?>

For more advanced purposes, consider using a DOM parser.

Features:
* allowable tags (as in strip_tags),
* optional stripping of attributes of the allowable tags,
* optional comment preserving,
* deleting broken and unclosed tags and comments,
* optional callback function call for every piece processed, allowing for flexible replacements.

<?php
function better_strip_tags($str, $allowable_tags = '', $strip_attrs = false, $preserve_comments = false, callable $callback = null) {
  $allowable_tags = array_map('strtolower', array_filter( // lowercase
    preg_split('/(?:>|^)\\s*(?:<|$)/'> // filter broken
  ));
  $comments_and_stuff = preg_split('/(
