Well, you can use the string strip_tags ( string str [, string allowable_tags] ) function

Andy

Peter Lauri wrote:
> Hi,
>
> Thanks for your comment. I already changed to <span>.
>
> About sanitation: Do you know any open source where it checks code if it is
> acceptable or not? Or should I just create a lib that does some preg_match to
> see if any javascript tag is inside (assuming javascript should not be
> allowed).
>
> This is a private system, so I do not worry so much :)
>
> /Peter
>
> -----Original Message-----
> From: Robert Cummings [mailto:robert@xxxxxxxxxxxxx]
> Sent: Wednesday, September 20, 2006 2:13 PM
> To: Peter Lauri
> Cc: 'PHP General'
> Subject: RE: preg_replace (again) [solved]
>
> On Wed, 2006-09-20 at 11:45 +0700, Peter Lauri wrote:
>> Just to share my solution:
>
> Out of curiosity, why don't you go with the very well known BBCode
> system?
>
>> preg_replace('/_color:(.*?)_(.*?)_color_/i', '<font color="$1">$2</font>',
>> $html);
>
> Hopefully this is a private system, otherwise someone not very nice
> might do the following:
>
> ----
> This is some _color:pink"> <script type="text/javascript"
> language="javascript">
> document.location = 'http://www.myDoityPr0nCollection.com';
> </script><font color="pink_ colored text _color_ that I want to transfer
> ----
>
> You need better content sanitization ]:B
>
> FWIW, the <font> tag is about as deprecated as deprecated can get. You
> might consider switching to <span>.
>
> Cheers,
> Rob.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
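
The sanitization question in this thread, as an added example that is not part of any message: it runs the replacement as posted beside a hardened variant that escapes the whole input first and then re-introduces only a `<span>` whose colour matches a strict pattern. The function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// The replacement as posted in the thread: both captures reach the HTML unescaped.
function color_markup_as_posted(string $html): string
{
    return preg_replace('/_color:(.*?)_(.*?)_color_/i', '<font color="$1">$2</font>', $html);
}

// Hardened variant: escape first, then re-introduce only the one allowed element.
function color_markup_hardened(string $text): string
{
    // After this call the input contains no raw <, >, " or ' characters.
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // The colour must be a short name or a 3/6-digit hex value; anything else
    // does not match and stays in the output as inert, escaped text.
    $pattern = '/_color:([a-z]{1,20}|#[0-9a-f]{3}|#[0-9a-f]{6})_(.*?)_color_/is';

    $out = preg_replace_callback(
        $pattern,
        static function (array $m): string {
            return '<span style="color:' . strtolower($m[1]) . '">' . $m[2] . '</span>';
        },
        $safe
    );

    return $out ?? $safe; // preg_replace_callback() returns null on a PCRE error
}

// Constructed sample inputs: one normal, one that breaks out of the attribute.
$samples = [
    'This is _color:pink_colored text_color_ here',
    'This is _color:pink"><i>injected</i><font color="pink_ text _color_ here',
];

foreach ($samples as $s) {
    echo "input:     $s\n";
    echo "as posted: " . color_markup_as_posted($s) . "\n";
    echo "hardened:  " . color_markup_hardened($s) . "\n\n";
}
```

For the second sample the posted pattern emits the injected `<i>` element as live markup, while the hardened variant finds no valid colour and returns the whole string HTML-escaped.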