Home/ Questions/Q 240803
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T20:41:49+00:00

In a PHP script I’m accepting input from the user from a textarea and

  • 0

In a PHP script I’m accepting input from the user from a textarea and want to allow a few basic tags. So when I output the string I’m using –

echo strip_tags($content, '<b><i><ul><ol><li>');

Now normally I would use FILTER_SANITIZE_STRING but that would strip all tags and I would use html_entities() but that would prevent the tags I’m passing through from displaying as they should.

So what else do I need to strip or encode and how do I do that?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I don’t think you can rely on strip_tags() for security purposes – from http://php.net/strip_tags:

    This function does not modify any
    attributes on the tags that you allow
    using allowable_tags , including the
    style and onmouseover attributes that
    a mischievous user may abuse when
    posting text that will be shown to
    other users.

    It might be better to look at something like HTML Purifier or PEAR HTML_Safe, which should be able to do exactly what you want.

    • 0