I am using strip tags on user inputs to remove all possible tags but the strip_tags php function is also removing '<' even if not used in a tag.
for example some user might use emoticon as such: >.< or <3
or this can even be used when algorithms etc.
Are there any solution to allow the '<' on strip tags?
Problem is in this case
$foo = "text >.<text"
Try this expression (preg_replace with ims falgs):
<\s*\/?[a-z0-9]+(\s*[a-z\-0-9]+)*(\s*[a-z\-0-9]+\="[^"]*")*\s*\/?>
@edit: For example:
<?php
$test = "text text text >.<asd text <div style=\"font-size:12px;\">text >.<in div</div> asd asd <b>bolded</b> <script> alert('this is javascriptalert'); </script>";
$stripped = strip_tags($test);
$replaced = preg_replace('/<\s*\/?[a-z0-9]+(\s*[a-z\-0-9]+)*(\s*[a-z\-0-9]+\="[^"]*")*\s*\/?>/ims','',$test);
var_dump($stripped,$replaced);
You can use regular expression:
$result = preg_replace("/\<\/?[A-Za-z\-\_]+\>/", "", YOUR_DATA);
The HTML parser uses < to denote the start of an element, so generally you're safer not using it anyway. If you want a less than sign to appear in your copy, use the HTML name or number instead: < or <.
No, strip_tags will work that way. There is no difference between an opening brace and a smiley part, so you can add exceptions before strip_tags:
input.replace("<3", "& lt;3");
input = strip_tags(input);
来源:https://stackoverflow.com/questions/33297154/php-strip-tags-removing-everything