views:

188

answers:

1

I have some very fundamental questions about the use of the setTagsAllowed and getTagsAllowed methods used with Zend Framework's Zend_Filter_StripTags? Specifically:

  1. Where should the list of tags defined? In the application's controller?
  2. Does the array have to include the <> eg '<h1>' or just 'h1'?
  3. Does the array have to include the closing tags eg '</h1>'?

An example would be appreciated.

+5  A: 

Where should the list of tags defined? In the application's controller?

You could do that. If you're likely to reuse the list elsewhere in your application, you might want to consider using Zend_Registry.

Does the array have to include the <> ... ?

Just 'h1'. For example:

$allowedTags = array(
'a',
'b',
'em',
'strong'
);

Does the array have to include the closing tags ... ?

No.

An example would be appreciated.

Sure:

// permit only the <a>, <b>, <em> and <strong> tags
$allowedTags = array('a','b','em','strong');

// allow only the href attribute to be used in the above tags 
// (which should only be within the <a> tag anyway)
$allowedAttributes = array('href');

// create an instance of Zend_Filter_StripTags to use
$stripTags = new Zend_Filter_StripTags($allowedTags,$allowedAttributes);

// now filter the string
$sanitizedInput = $stripTags->filter($userInput);

Does this answer your question?

Cal Jacobson
Yes, thanks for the clear concise example.
Michelle