Olivier Pons

Reputation: 15826

Php: remove all tags, but "a href" in a text

Here's my problem:

I have a textarea where the user can enter whatever he wants.

When he sends this text (POST method), on the server side I don't filter it at all before writing it into the database, because I want to keep "intact" what the user entered (maybe it can be used as proof he tried to hack or whatever).

Then, before outputting it, I use this function:

public function textForWeb($texte,$br=true)
{
  if ($br) {
    return
      mb_ereg_replace("((\r)?\n)", "<br />",
        htmlentities(
          stripslashes($texte),
          ENT_QUOTES, 'UTF-8'
        )
      );
  }
  else {
    return
      htmlentities(
        stripslashes($texte),
        ENT_QUOTES, 'UTF-8'
      );
  }
}

So the text is properly filtered and stays UTF-8 encoded.

But the problem is that I'd like all text like this: <a href="http://url">xxx</a> to be left untouched. I.e. when I display it, the link (and only links with "http://" and no javascript inside) will be "clickable".

For example, you can see how it is displayed now here. See the last line of the announcement? I'd like the link to the website to be "clickable".

How would you do it?

Upvotes: 0

Views: 2774

Answers (2)

Tom

Reputation: 3520

Just add a preg_replace() function to revert the escaped a tags after your htmlentities() function:

$output = textForWeb($output);
$output = preg_replace('#&lt;a href=&quot;(?=https:\/\/|http:\/\/)(.*?)&quot;&gt;(.*?)&lt;/a&gt;#i', '<a href="$1">$2</a>', $output);

echo $output;

That way you can still escape all other HTML in a safe way (instead of using the strip_tags() function).

This preg_replace() function searches for a tags linking to pages starting with http:// or https:// and then replaces the escaped special characters with <, > and ", making the link clickable again.

Upvotes: 2

Nick

Reputation: 6346

When outputting, surely you'd be better off just using strip_tags and setting "a" to be an allowable element?

I.e.

$string = strip_tags($string,'<a>');

This would remove the tags instead of converting them to their entities though. It depends if you need it to convert everything apart from <a> tags into entities, or if you just want to remove the code.

Upvotes: 1
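
Added example, not part of the question or of either answer: the escape-first approach from Tom's answer with a stricter URL pattern and a validation callback, run next to strip_tags($s, '<a>') on the same input. strip_tags() leaves the attributes of allowed tags untouched, which the comparison makes visible. The function name linkifyEscaped() and the sample strings are made up for the illustration, and the input is assumed not to be slash-escaped, so stripslashes() is left out.

```php
<?php
// Added example. linkifyEscaped() is a hypothetical helper name.
function linkifyEscaped(string $raw, bool $br = true): string
{
    // 1. Escape everything first, as textForWeb() in the question does.
    $safe = htmlentities($raw, ENT_QUOTES, 'UTF-8');

    // 2. Restore only the exact escaped shape <a href="URL">TEXT</a>.
    //    URL = http(s):// followed by non-space characters; the only entity
    //    accepted inside it is &amp;, so &quot; &lt; &gt; end the URL and a
    //    tag with any other attribute fails to match and stays escaped.
    $pattern = '#&lt;a href=&quot;(https?://(?:[^\s&]|&amp;)+)&quot;&gt;(.*?)&lt;/a&gt;#iu';

    $out = preg_replace_callback($pattern, function (array $m): string {
        // Validate the decoded URL; on failure keep the escaped original.
        $url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
        if (filter_var($url, FILTER_VALIDATE_URL) === false) {
            return $m[0];
        }
        // $m[1] and $m[2] are still entity-escaped, so no raw quote or
        // angle bracket can appear in the attribute or in the link text.
        return '<a href="' . $m[1] . '">' . $m[2] . '</a>';
    }, $safe) ?? $safe; // preg error: fall back to the fully escaped text

    // 3. Line breaks last, so a link can never span an inserted <br />.
    return $br ? preg_replace('/\r?\n/', '<br />', $out) : $out;
}

// Constructed sample input, not taken from the page.
$samples = [
    'See <a href="http://example.com/?a=1&b=2">my site</a>',
    '<a href="http://example.com" onclick="track()">extra attribute</a>',
    '<a href="javascript:void(0)">wrong scheme</a>',
    "<b>bold</b>\nsecond line",
];

foreach ($samples as $s) {
    echo "strip_tags : ", strip_tags($s, '<a>'), "\n";
    echo "escape+link: ", linkifyEscaped($s), "\n\n";
}
```

Only the first sample comes back from linkifyEscaped() as a live link; the second and third stay fully escaped, while strip_tags() returns both of them unchanged, attribute and scheme included.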
