Reputation: 3736
How to strip tags in a safer way than using strip_tags function?
I'm having some problems using strip_tags PHP function when the string contains 'less than' and 'greater than' signs. For example:
If I do:
strip_tags("<span>some text <5ml and then >10ml some text </span>");
I'll get:
some text 10ml some text
But, obviously I want to get:
some text <5ml and then >10ml some text
Yes I know that I could use < and >, but I don't have chance to convert those characters into HTML entities since data is already stored as you can see in my example.
What I'm looking for is a clever way to parse HTML in order to get rid only actual HTML tags.
Since TinyMCE was used for generate that data, I know which actual html tags could be used in any case, so a strip_tags($string, $black_list) implementation would be more usefull than strip_tags($string, $allowable_tags).
Any thoughs?
Upvotes: 8
Views: 7034
Answers (4)
Reputation: 101
Following up on the accepted answer that uses a heuristic function to try to remove tags while sparing < and > signs, here is a version that uses preg_replace_callback, as the /e modifier in preg_replace is now deprecated:
function HTMLToString($string){
return htmlspecialchars_decode(strip_tags(preg_replace_callback("# <(?![/a-z]) | (?<=\s)>(?![a-z]) #xi",
function ($matches){
return (htmlentities($matches[0]));
}
, $string)));
}
Upvotes: 0
Reputation: 19251
Instead of strip_tags(), just use htmlspecialchars() instead.
http://php.net/manual/en/function.htmlspecialchars.php
Upvotes: 2
Reputation: 145482
As a wacky workaround you could filter non-html brackets with:
$html = preg_replace("# <(?![/a-z]) | (?<=\s)>(?![a-z]) #exi", "htmlentities('$0')", $html);
Apply strip_tags() afterwards. Note how this only works for your specific example and similar cases. It's a regular expression with some heuristics, not artificial intellegince to discern html tags from unescaped angle brackets with other meaning.
Upvotes: 6
Reputation: 92762
If you want to have "greater than" and "lesser than" signs, you need to escape them:
> is >
< is <
See e.g. this: http://www.w3schools.com/html/html_entities.asp
Upvotes: 4
Related Questions
- strip_tags in php doesnt help, need a better alternative
- PHP: strip_tags - remove only certain tags (and their contents)?
- Stripping html tags using php
- remove html tags
- Is there an alternative to PHP's strip_tags()
- Strip only valid html
- Strip HTML tags and its contents
- Stripping specific HTML tags in PHP
- php strip_tags() troubles
- PHP strip_tags() function