This filter can strip XML and HTML tags from given content.
Zend_Filter_StripTags is potentially unsecure
Be warned that Zend_Filter_StripTags should only be used to strip
all available tags.
Using Zend_Filter_StripTags to make your site
secure by stripping some unwanted tags will lead to unsecure and
dangerous code.
Zend_Filter_StripTags must not be used to prevent
XSS attacks. This filter is no replacement for using Tidy or
HtmlPurifier.
The following options are supported for Zend_Filter_StripTags:
allowAttribs: This option sets the attributes which are accepted. All other attributes are stripped from the given content
allowTags: This option sets the tags which are accepted. All other tags will be stripped from the given content
See the following example for the default behaviour of this filter:
<?php
$filter = new Zend_Filter_StripTags();
print $filter->filter('<B>My content</B>');
As result you will get the stripped content 'My content'.
When the content contains broken or partitial tags then the complete following content will be erased. See the following example:
<?php
$filter = new Zend_Filter_StripTags();
print $filter->filter('This contains <a href="http://example.com">no ending tag');
The above will return 'This contains' with the rest being stripped.
Zend_Filter_StripTags allows stripping of all but defined tags.
This can be used for example to strip all tags but links from a text.
<?php
$filter = new Zend_Filter_StripTags(array('allowTags' => 'a'));
$input = "A text with <br/> a <a href='link.com'>link</a>";
print $filter->filter($input);
// returns: A text with a <a href='link.com'>link</a>
The above example strips all tags but the link. By providing an array you can set multiple tags at once.
Warning
Do not use this feature to get a probably secure content. This component does not replace the use of a proper configured html filter.
It is also possible to strip all but allowed attributes from a tag.
<?php
$filter = new Zend_Filter_StripTags(array('allowAttribs' => 'src'));
$input = "A text with <br/> a <img src='picture.com' width='100'>picture</img>";
print $filter->filter($input);
// returns: A text with a <img src='picture.com'>picture</img>
The above example strips all tags but img. Additionally from the img tag all attributes but src will be stripped. By providing an array you can set multiple attributes at once.