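function validCleanHtml( $unclosedString )
{
    // Collect every attribute-free opening tag, e.g. <em> or <strong>.
    $closedString = $unclosedString;
    preg_match_all( "/<([^\/]\w*)>/", $closedString, $tags );

    // Walk the opening tags in reverse and append a closing tag for each one still unclosed.
    for ( $i = count( $tags[1] ) - 1; $i >= 0; $i-- )
    {
        $tag = $tags[1][$i];
        if ( substr_count( $closedString, "</$tag>" ) < substr_count( $closedString, "<$tag>" ) )
        {
            $closedString .= "</$tag>";
        }
    }

    // Strip every tag except <em> and <strong>.
    $validTags = "<em><strong>";
    $validClosedString = strip_tags( $closedString, $validTags );
    return $validClosedString;
}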
OK, what I want is to enable 2 HTML tags, em and strong. Is this secure from XSS? If not, how can we secure it?
I think that strip_tags holds the answer. https://www.php.net/strip_tags
Rather than enabling certain fields, you could also remove the ones you don't want. Namely:
link, style, script, iframe, frame
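As an added example (not code from either poster): strip_tags() leaves attributes on the tags it allows untouched, so a stricter way to permit only em and strong is to escape everything and then restore just the attribute-free forms of those two tags. The helper name allowEmStrong() and the sample inputs are constructed for illustration.

```php
<?php
// Added example; allowEmStrong() is a hypothetical helper, not code from the thread.
// Allowlist by construction: escape everything, then restore only the
// attribute-free tags <em>, </em>, <strong>, </strong>, and balance them.
function allowEmStrong(string $input): string
{
    // 1. Neutralise all markup, quotes included.
    $escaped = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Restore only bare tags; a tag carrying attributes stays escaped text.
    $html = preg_replace('~&lt;(/?)(em|strong)&gt;~i', '<$1$2>', $escaped);

    // 3. Balance the restored tags with a stack so the output is well-formed.
    $open = [];
    $out = '';
    $parts = preg_split('~(</?(?:em|strong)>)~i', $html, -1, PREG_SPLIT_DELIM_CAPTURE);
    foreach ($parts as $part) {
        if (!preg_match('~^<(/?)(em|strong)>$~i', $part, $m)) {
            $out .= $part; // already-escaped text
            continue;
        }
        $name = strtolower($m[2]);
        if ($m[1] === '') {
            $open[] = $name;
            $out .= "<$name>";
        } elseif (end($open) === $name) {
            array_pop($open);
            $out .= "</$name>";
        } // a stray or mismatched closing tag is dropped
    }
    while ($open) {
        $out .= '</' . array_pop($open) . '>';
    }
    return $out;
}

// Constructed sample inputs, shown through both approaches for comparison.
$samples = [
    'Hello <em>world',
    '<em onmouseover="x()">hover</em>',
    '<strong>a</strong><script>x()</script>',
];
foreach ($samples as $s) {
    echo "strip_tags:    ", strip_tags($s, '<em><strong>'), "\n";
    echo "allowEmStrong: ", allowEmStrong($s), "\n\n";
}
```

For a larger set of allowed tags or attributes, a maintained HTML sanitizer library is a better fit than extending this pattern by hand.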