Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

striping html tags

Status
Not open for further replies.
aarrgghh

aarrgghh

Technical User
Sep 5, 2002
60
US
Hello all,

I have set up a forum. I need an easy way to strip tags that is reliable and safe.

Thanks in advance!
 
Sort by date Sort by votes
Or run it through htmlspecialchars(). That way if anyone types any code it'll be converted so that any < or > becomes &lt; and &gt;
 
Upvote 0 Downvote
using htmlspecialcharacters what would the output be for:

<img src=&quot;javascript:alert('hello')&quot;>

and

</ta</table>ble>

?

Thanks again!
 
Upvote 0 Downvote
Yeah I was looking at that one, but not sure that it catches

</ta</table>ble>

unless I wrote a loop function. Don't tell anyone, but I am just trying to be lazy.
 
Upvote 0 Downvote
htmlspecialchars would change
Code: 
</ta</table>ble>
into
&lt;/ta&lt/table&gt;ble&gt;

I though this might be best for a forum so that anyone who wants to post any special html characters (&<>&quot;') for legitimate reason, can do so.
The function that DRJ478 is also a good idea. I didn't even know that existed. You learn something new everyday :D
 
Upvote 0 Downvote
You want to strip the tags to keep users from posting HTML or malicious code.
Code: 
</ta</table>ble>
will be stripped by strip_tags into
Code: 
ble>
.
This means the tag is disabled even though there is a remnant of the nested tags.

Converting to htmspecialchars will display the tags in a kind of source code view and also disable them. If you state on your site that HTML will be disabled people who try to post HTML etc. will just have to reckon ugly looking posts.

 
Upvote 0 Downvote
use the str_replace function!

$string = $_POST['formthing'];

$string2 = str_replace(&quot;</script> </script&quot;, &quot;&quot;, $string);

echo($string);

gd luck


Martin

Computing help and info:

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

PeDa
  • Locked
  • Question
Unwanted spaces in php HTML mail 1
Replies
4
Views
199
PeDa
PeDa
PeDa
  • Locked
  • Question
unwanted spaces inserted into the middle of php-generated html email body 1
Replies
2
Views
115
PeDa
PeDa
dball63
  • Locked
  • Question
Noob Needs some help making HTML edits on PHP page
Replies
6
Views
171
spamjim
spamjim
Brianfree
  • Locked
  • Question
PHP / HTML Spreadsheet
Replies
1
Views
80
Brianfree
Brianfree
appi
  • Locked
  • Question
converting a HTML File into BBCode for phpBB3
Replies
6
Views
143
appi
appi

Part and Inventory Search

Sponsor

Back
Top