Are you ready?
GHengeveld |
|
---|---|
I recently rediscovered a php function strip_tags() which will strip out all html and php tags. It has an option allowable_tags which is a list of html tags that will not be stripped. We can use this to allow only tags like <b> to be used. Of course we'd have to put it through htmlpurifier first to filter anything malicious. To allow posting blocks of unparsed code we'd have to run htmlentities over this part first (unless htmlentities does that for us). I suggest using the <pre> tag for this.
|