
Apply Htmlentities To Stripped Tags

Researched links: How do you apply htmlentities selectively? and PHP function to strip tags, except a list of whitelisted tags and attributes. They are close but not as expected. Wh

Solution 1:

This function might help you; it is not highly tested. It will do htmlentities on all the tags except the tags you specify.

<?php
//callback: turn one matched, entity-encoded tag back into literal markup
function html_entity_decode_matches($matches){
    return html_entity_decode($matches[0]);
}
function htmlentities_exclude($string, $exclude_array){
    $string = htmlentities($string); //htmlentities all
    $ent_sl = "&gt;"; //encoded form of ">", which closes a tag
    if (is_array($exclude_array) AND !empty($exclude_array)){
        foreach($exclude_array as $exc){
            $exc = str_replace(array("<", ">"), "", $exc);
            $ent = str_replace("/", "\/", htmlentities("<{$exc}"));
            $ent_e = str_replace("/", "\/", htmlentities("</{$exc}>"));
            //do decode on <tag...> (the (.*?) also decodes any attributes inside the tag)
            $string = preg_replace_callback("/{$ent}(.*?){$ent_sl}/", "html_entity_decode_matches", $string);
            //do decode on </tag>
            $string = preg_replace_callback("/{$ent_e}/", "html_entity_decode_matches", $string);
        }
    }
    return $string;
}

echo htmlentities_exclude('<b><script>alert("something");</script></b>', array("<b>"));

Output:
<b>&lt;script&gt;alert(&quot;something&quot;);&lt;/script&gt;</b>
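
A stricter variant of the approach in Solution 1, added here as an example and not part of the original answer: because that pattern decodes everything between `<b` and the next `>`, attributes on an allowed tag and longer tag names that begin with an allowed name (such as `<body>`) are restored along with it. The hypothetical helper `escape_except_bare_tags()` below restores only exact, attribute-free `<tag>` and `</tag>` forms; its name and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added example (hypothetical helper, not from the page): encode everything,
 * then restore only bare, attribute-free forms of the allowed tags.
 */
function escape_except_bare_tags(string $html, array $allowedTags): string
{
    // Keep only entries that look like plain element names, so nothing in the
    // allowlist can carry regex or markup characters into the pattern.
    $names = [];
    foreach ($allowedTags as $tag) {
        $name = strtolower(trim($tag, "<>/ \t\n\r"));
        if (preg_match('/^[a-z][a-z0-9]*$/', $name) === 1) {
            $names[] = preg_quote($name, '/');
        }
    }

    // ENT_HTML401 leaves "/" untouched, which the pattern below relies on.
    $encoded = htmlentities($html, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');
    if ($names === []) {
        return $encoded;
    }

    // Match exactly "&lt;name&gt;" or "&lt;/name&gt;": there is no room for
    // attributes, and "b" cannot match as a prefix of "body" or "base".
    $pattern = '/&lt;(\/?)(' . implode('|', $names) . ')&gt;/i';

    return preg_replace_callback(
        $pattern,
        static fn(array $m): string => '<' . $m[1] . strtolower($m[2]) . '>',
        $encoded
    );
}

// Constructed sample inputs.
$samples = [
    '<b><script>alert("something");</script></b>',
    '<b onclick="alert(1)">bold</b>',    // attribute on an allowed tag
    '<body><B>mixed case</B></body>',    // longer tag sharing the "b" prefix
];
foreach ($samples as $sample) {
    echo escape_except_bare_tags($sample, ['<b>']), PHP_EOL;
}
```

An opening tag that carries attributes stays encoded while its bare closing tag is restored, so the output can contain an unmatched `</b>`; balance the markup afterwards if that matters for your page.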

Solution 2:

You can use PHP DOM objects to achieve this. First you create an element (in your case it is <b>) and provide the encoded string as its body (inner HTML), like below:

    <?php
        define('CHARSET', 'UTF-8');
        define('REPLACE_FLAGS', ENT_HTML5);
        function htmlcleaned($string) {
            return str_replace(array("<", ">"), array("&lt;", "&gt;"), $string);
        }
        $dom = new DOMDocument('1.0', 'utf-8');
        $element = $dom->createElement('b', htmlcleaned('<script>alert("something");</script>'));
        $dom->appendChild($element);
        $html = $dom->saveXML();
        echo $html;
    ?>

You can use a built-in function instead of creating a function, like this:

<?php
    define('CHARSET', 'UTF-8');
    define('REPLACE_FLAGS', ENT_HTML5);
    $dom = new DOMDocument('1.0', 'utf-8');
    $element = $dom->createElement('b', htmlspecialchars('<script>alert("something");</script>', ENT_NOQUOTES));
    $dom->appendChild($element);
    $html = $dom->saveXML();
    echo $html;
?>
