
StripTags

This filter can strip XML and HTML tags from given content.

Zend_Filter_StripTags is potentially insecure

Be warned that Zend_Filter_StripTags should only be used to strip all available tags.

Using Zend_Filter_StripTags to make your site secure by stripping some unwanted tags will lead to insecure and dangerous code.

Zend_Filter_StripTags must not be used to prevent XSS attacks. This filter is no replacement for using Tidy or HtmlPurifier.

Supported options for Zend_Filter_StripTags

The following options are supported for Zend_Filter_StripTags:

  • allowAttribs: This option sets the attributes which are accepted. All other attributes are stripped from the given content.

  • allowTags: This option sets the tags which are accepted. All other tags will be stripped from the given content.

Basic usage

See the following example for the default behaviour of this filter:

<?php
$filter = new Zend_Filter_StripTags();

print $filter->filter('<B>My content</B>');

As a result you will get the stripped content 'My content'.

When the content contains broken or partial tags, all of the content that follows them will be erased. See the following example:

<?php
$filter = new Zend_Filter_StripTags();

print $filter->filter('This contains <a href="http://example.com">no ending tag');

The above will return 'This contains' with the rest being stripped.

Allowing defined tags

Zend_Filter_StripTags allows stripping of all but defined tags. This can be used for example to strip all tags but links from a text.

<?php
// Keep only <a> tags; every other tag is stripped
$filter = new Zend_Filter_StripTags(array('allowTags' => 'a'));

$input = "A text with <br/> a <a href='link.com'>link</a>";
print $filter->filter($input);
// returns: A text with a <a href='link.com'>link</a>

The above example strips all tags but the link. By providing an array you can set multiple tags at once.

Warning

Do not use this feature to obtain supposedly secure content. This component does not replace the use of a properly configured HTML filter.

Allowing defined attributes

It is also possible to strip all but allowed attributes from a tag.

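<?php
// allowTags keeps <img>; without it the tag itself would be stripped.
// allowAttribs keeps only the src attribute on the allowed tags.
$filter = new Zend_Filter_StripTags(array('allowTags' => 'img', 'allowAttribs' => 'src'));

$input = "A text with <br/> a <img src='picture.com' width='100'>picture</img>";
print $filter->filter($input);
// returns: A text with a <img src='picture.com'>picture</img>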

The above example strips all tags but img. Additionally from the img tag all attributes but src will be stripped. By providing an array you can set multiple attributes at once.
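
The warnings above in practice, as an added example that is not part of the Zend Framework documentation. It assumes Zend Framework 1 is on the include_path; the sample input and the helper unexpectedHrefSchemes() are constructed for illustration.

```php
<?php
// Added example, not from the Zend Framework manual.
// Assumption: Zend Framework 1 is installed and on the include_path.
require_once 'Zend/Filter/StripTags.php';

// Constructed sample of user-supplied content.
$input = 'Hi <b>all</b>, see <a href="javascript:void(0)" onclick="x()">my page</a>';

// Allowlist mode: <a> and its href are kept. The filter compares tag and
// attribute names only; it never inspects attribute values, so the URL
// scheme in href reaches the output unchanged.
$allowLinks = new Zend_Filter_StripTags(array(
    'allowTags'    => 'a',
    'allowAttribs' => 'href',
));
$partlyStripped = $allowLinks->filter($input);

// Hypothetical helper: list href values in already-filtered markup whose
// scheme is not on a short allowlist. A review aid, not a sanitizer.
function unexpectedHrefSchemes($html, array $allowed = array('http', 'https', 'mailto'))
{
    $flagged = array();
    preg_match_all('/\bhref\s*=\s*(["\'])(.*?)\1/is', $html, $matches);
    foreach ($matches[2] as $value) {
        // Decode entities and drop whitespace/control characters first.
        $url = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
        $url = preg_replace('/[\s\x00-\x1f]+/', '', $url);
        if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)
            && !in_array(strtolower($m[1]), $allowed, true)) {
            $flagged[] = $value;
        }
    }
    return $flagged;
}

// Supported use: strip every tag, then escape for the HTML output context.
$stripAll  = new Zend_Filter_StripTags();
$plainText = htmlspecialchars($stripAll->filter($input), ENT_QUOTES, 'UTF-8');

print "Allowlist output: " . $partlyStripped . "\n";
print "Flagged hrefs:    " . implode(', ', unexpectedHrefSchemes($partlyStripped)) . "\n";
print "Strip-all output: " . $plainText . "\n";
```

When markup has to survive filtering, pass the content through HtmlPurifier or Tidy as the warning at the top of this page says, rather than extending the allowlist.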
