After I implemented my sanitize functions (according to requested specifics), my boss decided to change the accepted input. Now he wants to keep some specific tag and its attributes. I suggested to implement a BBCode-like language which is safer imho but he doesn't want to because it would be to much work.This time I would like to keep it simple so I will not kill him the next time he asks me to change again this thing. And I know he will.Is it enough to use first the \[code\]strip_tags\[/code\] with the tag parameter to preserve and then \[code\]htmlentities\[/code\]?
Cleaning an HTML string saving some tags and attributes
- Thread starter armyrat1
- Start date