This is a typical example of how someone would use the strip_tags() function.
<h1><?php echo htmlentities($post->title); ?></h1>
// post content here
<?php echo strip_tags($post->content); ?>
So, I've created an alias function for stripping tags, like this:
function strip($var) {
    $allowed = '<div><span><pre><p><br><hr><hgroup><h1><h2><h3><h4><h5><h6>
        <ul><ol><li><dl><dt><dd><strong><em><b><i><u>
        <img><a><abbr><address><blockquote><area><audio><video>
        <form><fieldset><label><input><textarea>
        <caption><table><tbody><td><tfoot><th><thead><tr>
        <iframe>';
    return strip_tags($var, $allowed);
}
and use this instead:
<h1><?php echo htmlentities($post->title); ?></h1>
// post content here
<?php echo strip($post->content); ?>
My question is: do I need to add more tags to the $allowed array, or remove some? Which other tags are considered 'not-evil' to add to the array?
If you are worried about XSS attacks, then this is the best cheat sheet I have ever used.
updated the link
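An added example, not code from either post: strip_tags() filters on tag names only and leaves the attributes of allowed tags untouched, so the tag list alone does not settle the XSS question raised above. The sketch below parses the content with DOMDocument and applies a per-tag attribute allow list; the `ALLOWED` map and the function names are hypothetical, and only absolute http(s) URLs are accepted as a simplifying assumption.

```php
<?php
// Added example, not from the original post; the tag and attribute lists are assumptions.
const ALLOWED = [   // tag => attributes that may stay on it
    'p' => [], 'br' => [], 'strong' => [], 'em' => [], 'ul' => [], 'ol' => [], 'li' => [],
    'pre' => [], 'blockquote' => [], 'a' => ['href', 'title'], 'img' => ['src', 'alt'],
];

function url_is_safe(string $url): bool {
    $url = preg_replace('/[\x00-\x20]+/', '', $url);   // drop whitespace and control chars
    return preg_match('#^https?://#i', $url) === 1;    // absolute http(s) URLs only
}

function clean_children(DOMNode $parent): void {
    foreach (iterator_to_array($parent->childNodes) as $node) {
        if ($node instanceof DOMText) { continue; }     // text is escaped on output
        if (!$node instanceof DOMElement) {
            $parent->removeChild($node);                // comments and the like
            continue;
        }
        $tag = strtolower($node->nodeName);
        if (!isset(ALLOWED[$tag])) {                    // unlisted tag: keep its text only
            $text = $node->ownerDocument->createTextNode($node->textContent);
            $parent->replaceChild($text, $node);
            continue;
        }
        foreach (iterator_to_array($node->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            $isUrl = in_array($name, ['href', 'src'], true);
            if (!in_array($name, ALLOWED[$tag], true) || ($isUrl && !url_is_safe($attr->value))) {
                $node->removeAttribute($attr->nodeName);
            }
        }
        clean_children($node);
    }
}

function sanitize_html(string $html): string {
    libxml_use_internal_errors(true);                   // tolerate sloppy user markup
    $doc = new DOMDocument();
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    $root = $doc->getElementsByTagName('div')->item(0);
    clean_children($root);
    $out = '';
    foreach ($root->childNodes as $child) { $out .= $doc->saveHTML($child); }
    return $out;
}

// Constructed sample input; first line printed is strip_tags(), second is the DOM-based filter.
$input = '<p onclick="f()">Hi <a href="javascript:void(0)" title="t">link</a> <img src="https://example.com/a.png" onerror="f()" alt="a"></p>';
echo strip_tags($input, '<p><a><img>'), "\n", sanitize_html($input), "\n";
```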