Version: 1.0
Type: Function
Category: HTML
License: GNU General Public License
Description: I got the idea from the safeHTML snippet elsewhere in PHPbuilder. I wanted more control, and I wanted it to escape all other the extra < and >.
<?PHP
/*Questions, comments, ideas, or improvments B-L-T@excite.com
This will take a string reference and only allow the tags and values in the approvedtags array. All non-approved tags will be converted to the right HTML characters. All non-approved attributes will be removed (I hope) =P */
function safeHTML(&$str){
$approvedtags = array(
"p"=>array('align'),
"b"=>array(),
"i"=>array(),
"a"=>array('href', 'target'),
"em"=>array(),
"br"=>array(),
"strong"=>array(),
"blockquote"=>array(),
"tt"=>array(),
"hr"=>array('align', 'width', 'size', 'noshade'),
"li"=>array('type'),
"ol"=>array('type', 'start'),
"ul"=>array('type'),
"pre"=>array()
);
$keys = array_keys($approvedtags);
$text=split('<',$str);
$first = 1;
foreach($text as $value){
$temp=split('>',$value);
if(count($temp) > 1){
$end='';
$tag=split(' ',$temp[0]);
if($tag[0][0] == '/'){
$end='/';
$tag[0]=substr($tag[0],1);
}
if(in_array($tag[0],$keys)){
$string.='<'.$end.$tag[0];
for($i=1; $i<=count($tag); $i++){
$attributes=split('=',$tag[$i]);
if(in_array($attributes[0], $approvedtags[$tag[0]])){
$string.=' '.$tag[$i];
}
}
$string.='>';
}else{
$string.='<'.htmlentities($value);
}
$string.=htmlentities($temp[1]);
}else{
if( ! $first){
$string.='<';
}
$string .= htmlentities($value);
}
$first = 0;
}
$str = $string;
}
?>