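Escape HTML output with htmlentities while still allowing a custom list of HTML tags. An allow-list like this is only safe if each tag is matched by its exact name and without attributes; a looser match also lets through other tags that merely start with an allowed name, as well as event-handler attributes.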
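/**
 * Escape HTML output, then re-enable a small allow-list of formatting tags.
 *
 * The whole string is entity-encoded first, so the only markup that can
 * survive is what the loop below deliberately restores. A tag is restored
 * only when it is exactly one of the allowed names, optionally closing
 * ("</b>") or self-closing ("<br />"), and carries no attributes.
 *
 * @param string $sText Untrusted text destined for an HTML context
 * @return string Encoded text with bare allowed tags restored
 */
private function escapeHtml($sText)
{
    // After this call every "<" and ">" in the input is "&lt;" / "&gt;".
    $sText = htmlentities($sText, ENT_QUOTES, 'UTF-8');
    $aAllowedTags = array('b', 'strong', 'i', 'em', 'br');
    foreach ($aAllowedTags as $sTag)
    {
        $sName = preg_quote($sTag, '`');
        // Match the *encoded* brackets: a pattern on literal "<" can never
        // match once htmlentities() has run. The name must be followed
        // directly by optional whitespace, an optional "/" and the closing
        // bracket. A wildcard after the name would also restore attributes
        // (event handlers) and longer tag names sharing the prefix
        // ("i" -> "img"/"iframe", "b" -> "body"/"base", "em" -> "embed").
        $sText = preg_replace('`&lt;(/?' . $sName . ')\s*(/?)&gt;`', '<$1$2>', $sText);
    }
    return $sText;
}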
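/**
 * Escape HTML output, then re-enable a small allow-list of formatting tags.
 *
 * The whole string is entity-encoded first, so the only markup that can
 * survive is what the loop below deliberately restores. A tag is restored
 * only when it is exactly one of the allowed names, optionally closing
 * ("</b>") or self-closing ("<br />"), and carries no attributes.
 *
 * @param string $sText Untrusted text destined for an HTML context
 * @return string Encoded text with bare allowed tags restored
 */
private function escapeHtml($sText)
{
    // After this call every "<" and ">" in the input is "&lt;" / "&gt;".
    $sText = htmlentities($sText, ENT_QUOTES, 'UTF-8');
    $aAllowedTags = array('b', 'strong', 'i', 'em', 'br');
    foreach ($aAllowedTags as $sTag)
    {
        $sName = preg_quote($sTag, '`');
        // Match the *encoded* brackets: a pattern on literal "<" can never
        // match once htmlentities() has run. The name must be followed
        // directly by optional whitespace, an optional "/" and the closing
        // bracket. A wildcard after the name would also restore attributes
        // (event handlers) and longer tag names sharing the prefix
        // ("i" -> "img"/"iframe", "b" -> "body"/"base", "em" -> "embed").
        $sText = preg_replace('`&lt;(/?' . $sName . ')\s*(/?)&gt;`', '<$1$2>', $sText);
    }
    return $sText;
}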