I'm currently using Zend_Filter_StripTags in a commenting system, but stuff kinda breaks when '<3' is entered. StripTags doesn't seem to be smart enough to realize that it's not an HTML tag, and creating the filter as "new Zend_Filter_StripTags(array('3'))" doesn't seem to work either.

Should I pass the input through a regexp first, or is there a way to get Zend_Filter_StripTags to straighten up and fly right?

+1  A: 

I'm not familiar with Zend much, but if you want stuff like <3 to be allowed, just do htmlspecialchars instead of strip_tags on it.

Paolo Bergantino
+1  A: 

What you want is Zend_Filter_HtmlEntities most likely.

See: Zend_Filter_HtmlEntities

Zend_Filter_HtmlEntities is basically a wrapper for htmlentities, which isn't what I need, because some html ( basic stuff like 'a','b',etc ) needs to be allowed.
Sean Hagen
+1  A: 

The problem with htmlspecialchars and Zend_Filter_HtmlEntities is that if you're trying to strip out all html tags ( like 'a' and 'img', etc ), then instead of stripping them, you end up with that markup in your output.

Take comments on a blog for example. If you use htmlspecialchars or Zend_Filter_HtmlEntities, in a comment where someone tries to use html to enter a link you end up with that markup showing up when you display the comment. But if you use strip_tags or Zend_Filter_StripTags you end up mangling the comment, as neither is smart enough to realize that '<3' isn't a tag, and just strips everything from '<3' until the end of the comment ( or until it finds '>' ).

It would be nice if Zend had something like HTMLPurifier, where it actually checks and validates the input before stripping tags. This means that stuff like '<3' gets left alone, whereas stuff like 'Awesome Site' becomes 'Awesome Site'.

This is a problem I'm trying to work around, and at the moment it seems like I'm going to end up writing my own Zend_Filter class that's basically a wrapper for HTMLPurifier.

+5  A: 

Ended up writing a Zend_Filter class that was basically a wrapper for HTMLPurifier. Works perfectly, because HTMLPurifier is a LOT smarter than striptags.

Sean Hagen
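
A sketch of the kind of wrapper the last answer describes, added here as an example and not the answerer's actual code. It assumes Zend Framework 1 and HTML Purifier are both on the include path; the class name `My_Filter_HtmlPurifier` and the default tag whitelist are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes Zend Framework 1 and
// HTML Purifier are on the include path; the class name is hypothetical.
require_once 'Zend/Filter/Interface.php';
require_once 'HTMLPurifier.auto.php';

class My_Filter_HtmlPurifier implements Zend_Filter_Interface
{
    /** @var HTMLPurifier */
    protected $_purifier;

    /**
     * @param string $allowed Value for HTML Purifier's HTML.Allowed whitelist
     */
    public function __construct($allowed = 'a[href],b,i,em,strong')
    {
        $config = HTMLPurifier_Config::createDefault();
        // Whitelist of elements and attributes; everything else is removed.
        $config->set('HTML.Allowed', $allowed);
        // Only web links survive in href; javascript: and similar are dropped.
        $config->set('URI.AllowedSchemes', array('http' => true, 'https' => true));
        // Skip the on-disk definition cache so no writable directory is needed.
        $config->set('Cache.DefinitionImpl', null);
        $this->_purifier = new HTMLPurifier($config);
    }

    /**
     * Parses the input as HTML, keeps whitelisted markup and escapes
     * stray characters such as the '<' in '<3' instead of eating the text.
     */
    public function filter($value)
    {
        return $this->_purifier->purify((string) $value);
    }
}

// Constructed sample comment: a heart, an allowed link carrying a
// disallowed attribute, and a disallowed element.
$filter = new My_Filter_HtmlPurifier();
echo $filter->filter(
    'I <3 this <a href="http://example.com/" onclick="x()">site</a>'
    . '<script>alert(1)</script>'
);
```

The filtered string is already safe HTML, so it is echoed as-is in the view; running it through htmlspecialchars afterwards would turn the allowed tags back into visible markup.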