I have to strip all HTML tags and attributes from a user input except

Question

0

Asked: May 16, 20262026-05-16T03:29:47+00:00 2026-05-16T03:29:47+00:00

I have to strip all HTML tags and attributes from a user input except

0

I have to strip all HTML tags and attributes from a user input except the ones considered “safe” (ie, a white list approach).

strip_tags() strips all tags except the ones listed in the $allowable_tags parameter. But I also need to be able to strip all the not whitelisted attributes; for example, I want to allow the <b> tag, but I don’t want to allow the onclick attribute for obvious reasons.

Is there a function to do that, or will I have to make my own?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-16T03:29:48+00:00

As far as I know, the strip_tags solution is about the fastest way to get rid of unwanted tags, and barring 3rd party packages, checking for allowable attributes would be quite easy in DOMDocument,

$string = strip_tags($string,'<b>');
$dom = new DOMDocument();
$dom->loadHTML($string);
$allowed_attributes = array('id');
foreach($dom->getElementsByTagName('*') as $node){
    for($i = $node->attributes->length -1; $i >= 0; $i--){
        $attribute = $node->attributes->item($i);
        if(!in_array($attribute->name,$allowed_attributes)) $node->removeAttributeNode($attribute);
    }
}
var_dump($dom->saveHTML());

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have to strip all HTML tags and attributes from a user input except

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply