I would like to process my user input to allow only certain html tags, and replace the other ones by their html entities, as well as replace non-tag-characters. For example, if I only wanted to allow the <b>
and the <a>
tag, then
allow_only("This is <b>bold</b> and this is <i>italic</i>.
Moreover 2<3 and <a href='google.com'>this is a link</a>.","<b><a>");
should produce
This is <b>bold</b> and this is <i>italic</i>.
Moreover 2<3 and <a href='google.com'>this is a link</a>.
How can I do this in PHP? I am aware of strip_tags()
that can remove the unwanted tags completely, and I'm aware of htmlspecialchars()
which can replace all tags by their html entities, but none where only specific tags get replaced. How can this be done in PHP?
And if there is no 'common' way to do this, how should I in general go on processing user input that can have valid regular html, but can also have <
signs and potentially dangerous html code?