codemonkey613

Reputation: 998

PHP form clean-up?

I need to sanitize the form input for a textarea field.

The opening tag can allow b,strong,i,em,u,br,span,a,p,ul,ol,li - it can also have style="". But remove all others: class="", id="", javascript, etc.

The closing tag can only be </ and one of b,strong,i,em,u,br,span,a,p,ul,ol,li and >. Nothing else is allowed inside the closing tag.

All other brackets will be removed with PHP strip_tags.

Not sure what the regex should look like - any help?

Something like...

<?php
// Step 1: let strip_tags() drop every tag that is not on the allow-list
// (attributes on the surviving tags are left untouched by strip_tags).
$input = strip_tags($input, "<b><strong><i><em><u><br><span><a><p><ul><ol><li>");

// Step 2: strip unwanted attributes from the tags that survived
$input = input_sanitize($input);
echo $input;

function input_sanitize($value) {
    // first, sanitize the opening tags: $1 is the tag name, $3 the middle
    // attribute region, which contains style=... as $5 and href=... as $11
    $value = preg_replace(
        "/".
        "<(b|strong|i|em|u|br|span|a|p|ul|ol|li)".
        "(.*?)".
        "(((style\=('|\")(.+?)('|\"))*?)(.*?)((href\=('|\")(.+?)('|\"))*?))".
        "(.*?)>/im",
        "<$1 $3 $5>",
        $value);
    // second, sanitize the closing tags: keep only </tagname>,
    // dropping anything that was written before or after the name
    $value = preg_replace(
        "/<\/(.*?)(b|strong|i|em|u|br|span|a|p|ul|ol|li)(.*?)>/im",
        "</$2>",
        $value);
    return $value;
}

Anyone good at regex? :D

Upvotes: 1

Views: 385

Answers (1)

Sam Dark

Reputation: 5291

When it comes to security, I suggest using stable and secure solutions such as HTML Purifier.

Upvotes: 3
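As an added example (not code from the question or the answer), here is the allow-list from the question implemented on top of a real HTML tokenizer, Python's html.parser, rather than regexes: HTML tags are not a regular language, which is why the pattern in the question keeps leaking attributes. It keeps the twelve listed tags, style= on any of them and href= on <a> (only http, https, mailto or relative links), drops class=, id= and on* handlers, and reduces closing tags to the bare name; allowing any style= value follows the question and is not itself safe against CSS-based tricks on old browsers.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allow-list from the question: these tags survive, everything else is dropped.
ALLOWED_TAGS = {"b", "strong", "i", "em", "u", "br", "span", "a", "p", "ul", "ol", "li"}
VOID_TAGS = {"br"}                                   # no closing tag is emitted for these
SAFE_HREF_SCHEMES = {"", "http", "https", "mailto"}  # "" means a relative link

def safe_href(value):
    # Strip tab/CR/LF (browsers ignore them inside URLs), then reject javascript:, data:, etc.
    cleaned = "".join(c for c in value if c not in "\t\r\n").strip()
    return urlparse(cleaned).scheme.lower() in SAFE_HREF_SCHEMES

class AllowListSanitizer(HTMLParser):
    # Allowed tags are re-emitted with only style= (any tag) and href= (on <a>);
    # a disallowed tag vanishes but the text inside it is kept and re-escaped.
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return                       # tag dropped; its text still reaches handle_data
        kept = []
        for name, value in attrs:
            value = value or ""
            if name == "style":          # the question allows any style= value
                kept.append(f' style="{escape(value, quote=True)}"')
            elif name == "href" and tag == "a" and safe_href(value):
                kept.append(f' href="{escape(value, quote=True)}"')
            # class=, id=, on*= handlers and anything else are discarded here
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <br/> is treated like <br>

    def handle_endtag(self, tag):
        # html.parser already reduces "</b junk>" to the bare tag name "b"
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))    # re-encode <, > and & in text nodes

def sanitize(html_input):
    parser = AllowListSanitizer()
    parser.feed(html_input)
    parser.close()
    return "".join(parser.out)
```

The same allow-list is what HTML Purifier's HTML.Allowed setting expresses declaratively, with CSS and URL validation on top.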
