James Dale
Reputation: 126
Combining htmlspecialchars and strip_tags
So I'm wanting to combine the functionality of htmlspecialchars and strip_tags.
The elements I have so far are:
<form>
....
<section contenteditable="true" placeholder="Please enter your text content here..." class="content" id="content" name="content" type="text" cols="30" rows="10"></section>
....
</form>
This is then submitted
....
$content = $_POST['content'];
...Some SQL...
$content = $c['content'];
$new = htmlspecialchars($content, ENT_QUOTES);
I wanting to combine htmlspecialchars and strip_tags together, they both work separately and produce the right result.
$new = strip_tags($content, '<code><b><i>');
....
So and example would be that this tag:
<section>
would be displayed as plain text where as this tag:
<code>
would be formatted correctly.
Upvotes: 0
Views: 499
Answers (1)
AbraCadaver
Reputation: 78994
Something like this should work, maybe put it in a function:
$allowed = strip_tags($content, '<code><b><i>');
$content = htmlspecialchars($content, ENT_QUOTES);
$content = str_replace(htmlspecialchars($allowed, ENT_QUOTES), $allowed, $content);
Upvotes: 1
Related Questions
- replace all but certain html tags with htmlspecialchars() in PHP?
- How to strip tags in a safer way than using strip_tags function?
- Where to use strip_tags() and htmlspecialchars()
- PHP strip_tag and htmlspecialchars not working for multiple input
- Using htmlspecialchars and strip_tags for more security
- Stripping html tags using php
- remove html tags
- PHP strip_tags except certain characters
- PHP Security - Combining functionality of strip_tags(); & htmlspecialchars();
- How to Remove Html Tags in PHP?