php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #23723 strip_tags() tag blacklisting
Submitted: 2003-05-20 13:47 UTC Modified: 2022-04-07 14:55 UTC
Votes:6
Avg. Score:3.3 ± 1.4
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:1 (33.3%)
From: eric at evilwalrus dot com Assigned: ilutov (profile)
Status: Closed Package: Strings related
PHP Version: * OS: *
Private report: No CVE-ID: None
 [2003-05-20 13:47 UTC] eric at evilwalrus dot com
Right now strip_tags() is a great function. You specify a string and the tags you want to keep. What I would like to see is another argument in strip tags so that you could tell it to keep or remove the tags you specify. I saw bug #5976 that had something to do with this very thought, but this extends the idea further. For example, if I have a string full of HTML and I want to remove all <script> and <meta> tags but keep the rest, I could do something like 

strip_tags($string, '<meta><script>', true);

That boolean value of true as the third argument would tell the strip_tags() function to remove the tags specified. Without that, it defaults to the way it is now and removes all but those tags. I think this would be a very handy thing to have in PHP. Thanks.

Patches

striptags.diff.base64 (last revision 2011-01-10 21:20 UTC by jthijssen at noxlogic dot nl)
striptags.diff (last revision 2011-01-09 20:41 UTC by jthijssen at noxlogic dot nl)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-19 00:06 UTC] jani@php.net
-Package: Feature/Change Request +Package: Strings related -Operating System: +Operating System: * -PHP Version: 4.3.2RC3 +PHP Version: *
 [2011-01-09 21:16 UTC] jthijssen at noxlogic dot nl
I know it's a (very) old bug, but on occasion I need a "blacklist" intead of a "whitelist" strip_tags() function.

I've created a patch with an addtional bool to strip_tags() with which you can use the $allowable_tags parameter as a blacklist instead of a whitelist.

Examples:

strip_tags('<a>Click</a><b>here<b>', '<a>');  => <a>Click</a>here
strip_tags('<a>Click</a><b>here<b>', '<a>', false);  => Click<b>here</b>
 [2011-01-10 22:22 UTC] jthijssen at noxlogic dot nl
I've added the patch base64 encoded because of a bug in php's bugtracker (bug #53703).
 [2017-10-24 01:53 UTC] kalle@php.net
-Status: Assigned +Status: Analyzed -Assigned To: moriyoshi +Assigned To:
 [2017-10-24 01:54 UTC] kalle@php.net
-Summary: Extend strip_tags() +Summary: strip_tags() tag whitelisting
 [2018-12-29 21:37 UTC] nikic@php.net
-Summary: strip_tags() tag whitelisting +Summary: strip_tags() tag blacklisting
 [2022-04-07 14:55 UTC] ilutov@php.net
-Status: Analyzed +Status: Closed -Assigned To: +Assigned To: ilutov
 [2022-04-07 14:55 UTC] ilutov@php.net
This feature request has been open for a long time with no action. We're migrating away from bugs.php.net, if this is still desired please create a new issue on GitHub.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 05:01:29 2024 UTC