@jamsesso
Created July 5, 2010 14:03
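<?php
/**
 * Filter HTML produced by a WYSIWYG editor.
 *
 * Tags outside $safetags are removed with strip_tags(); the attribute strings
 * listed in $badattr are then rewritten to an inert void="..." attribute.
 * This is string matching, not HTML parsing: only the name=" spelling listed
 * below is rewritten.
 *
 * @param string $filter Untrusted HTML.
 * @return string Filtered HTML.
 */
function secure_wysiwyg($filter)
{
    // Denylist: attribute prefixes and the string each one is replaced with.
    $badattr = array(
        'onclick="'         => 'void="',
        'onmouseover="'     => 'void="',
        'onload="'          => 'void="',
        'onblur="'          => 'void="',
        'onfocus="'         => 'void="',
        'class="'           => 'void="',
        'id="'              => 'void="',
        'style="'           => 'void="',
        'onchange="'        => 'void="',
        'ondblclick="'      => 'void="',
        'onsubmit="'        => 'void="',
        'onkeydown="'       => 'void="',
        'onkeyup="'         => 'void="',
        'onkeypress="'      => 'void="',
        'onmouseout="'      => 'void="',
        'onmousemove="'     => 'void="',
        'onmousedown="'     => 'void="',
        'onmouseup="'       => 'void="',
        'onreset="'         => 'void="',
        'onselect="'        => 'void="',
        'onunload="'        => 'void="',
        'prompt="'          => 'void="',
        'title="'           => 'void="',
        'href="javascript:' => 'href="http://',
    );

    // Tags that survive strip_tags(); every other tag is removed.
    $safetags = "<h1><h2><h3><div><img><br><a><strike><i><b><u><hr><ul><li><ol><sup><sub><blockquote>";

    // Strip disallowed tags first, then rewrite the listed attributes.
    // str_ireplace() is used because HTML attribute names are case-insensitive.
    $filter = str_ireplace(array_keys($badattr), array_values($badattr), strip_tags($filter, $safetags));

    return $filter;
}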
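
The filter above rewrites a fixed list of attribute strings. The same policy can be enforced as an allowlist on a parsed DOM, so that any tag or attribute not listed is removed however it is written. This is an added example, not the gist author's code; `secure_wysiwyg_allowlist`, `ALLOWED_TAGS`, `SAFE_SCHEMES` and the choice to keep `src`/`alt` on `<img>` are assumptions made for the illustration.

```php
<?php
// Added example, not the gist author's code; every name here is an assumption.
const ALLOWED_TAGS = [ // tag => attributes that may stay on it
    'h1' => [], 'h2' => [], 'h3' => [], 'div' => [], 'br' => [], 'hr' => [],
    'strike' => [], 'i' => [], 'b' => [], 'u' => [], 'ul' => [], 'ol' => [],
    'li' => [], 'sup' => [], 'sub' => [], 'blockquote' => [],
    'a' => ['href'], 'img' => ['src', 'alt'],
];
const SAFE_SCHEMES = ['http', 'https', 'mailto'];

function secure_wysiwyg_allowlist(string $html): string
{
    $doc = new DOMDocument();
    // The XML declaration is the usual hint that makes loadHTML() read UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>',
        LIBXML_NOERROR | LIBXML_NOWARNING);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    // Static snapshot in document order: children of an unwrapped element are visited later.
    $nodes = iterator_to_array((new DOMXPath($doc))->query('.//node()', $body));
    foreach ($nodes as $node) {
        if ($node->nodeType === XML_TEXT_NODE) { continue; }
        $tag = strtolower($node->nodeName);
        if (!($node instanceof DOMElement) || !array_key_exists($tag, ALLOWED_TAGS)) {
            // Comments, CDATA (script/style bodies) and PIs are dropped whole;
            // unlisted elements are unwrapped so their children survive.
            while ($node->firstChild) {
                $node->parentNode->insertBefore($node->firstChild, $node);
            }
            $node->parentNode->removeChild($node);
            continue;
        }
        foreach (iterator_to_array($node->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            $isUrl = in_array($name, ['href', 'src'], true);
            // URLs are stripped of whitespace/control bytes, then must be
            // relative or carry a scheme from SAFE_SCHEMES.
            $value = preg_replace('/[\x00-\x20\x7f]+/', '', $attr->value);
            $badUrl = $isUrl && preg_match('/^([a-z][a-z0-9+.\-]*):/i', $value, $m)
                && !in_array(strtolower($m[1]), SAFE_SCHEMES, true);
            if (!in_array($name, ALLOWED_TAGS[$tag], true) || $badUrl) {
                $node->removeAttributeNode($attr);
            } elseif ($isUrl) {
                $node->setAttribute($name, $value);
            }
        }
    }
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes)));
}
```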