I am trying to use htmlspecialchars() but want to preserve the following tags:
<a>, <b> and <i>.
How would I go about doing so?
The solutions that I have found do not seem to work together with an attribute tag and a normal plain tag.
Here is a piece of code that I have found that is supposed to allow for tags with attributes:
function fix_attributes($match){
return "<".$match[1].str_replace('"','"',$match[2]).">";
}
function allow_only($str, $allowed){
$str = htmlspecialchars($str);
foreach( $allowed as $a ){
$str = preg_replace_callback("/<(".$a."){1}([\s\/\.\w=&;:#]*?)>/", fix_attributes, $str);
$str = str_replace("</".$a.">", "</".$a.">", $str);
}
return $str;
}
echo allow_only('This is <b>bold</b> and <a href="http://www.#links">this</a> is <i>italic</i>.', array("b","a","i"));
然而,它一直给我一个错误:使用未定义的常量fix_attributes
我很感激任何帮助!
答案 0 :(得分:1)
问题:使用没有引号的回调函数
有关详细信息,请参阅http://php.net/manual/en/function.preg-replace-callback.php
<?php
function fix_attributes($match){
return "<".$match[1].str_replace('"','"',$match[2]).">";
}
function allow_only($str, $allowed){
$str = htmlspecialchars($str);
foreach( $allowed as $a ){
$str = preg_replace_callback("/<(".$a."){1}([\s\/\.\w=&;:#]*?)>/", "fix_attributes", $str);//use quotes here
$str = str_replace("</".$a.">", "</".$a.">", $str);
}
return $str;
}
echo allow_only('This is <b>bold</b> and <a href="http://www.#links">this</a> is <i>italic</i>.', array("b","a","i"));
?>