Tip: Remove some, but not all, HTML

A friend pinged me yesterday with a problem. His site allowed folks to post content with HTML, and while in general this worked fine, some users were posting content with Flash. He wanted to prevent this from being added to the content.

Now, the brute force fix is to simply htmlEditFormat() the code, but that would escape all HTML so that none of it renders, not just the unwanted tags. Luckily, there is a solution. My friend (and all-around generally smart guy who needs to blog more) Nathan Dintenfass created a UDF named SafeText. This UDF will either remove or replace the following tags:

SCRIPT, OBJECT, APPLET, EMBED, FORM, LAYER, ILAYER, FRAME, IFRAME, FRAMESET, PARAM, META

His code also removes JavaScript event handlers. You can configure the UDF to specify exactly what you want to remove if you don't want the defaults.
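To show the kind of filtering described above, here is an added example in Python (not SafeText's code and not from the original post) that drops the listed tags and any `on*` event attribute while leaving other markup intact. The names `strip_unsafe`, `TagFilter` and `DROP_CONTENT`, and the choice of which blocked tags also lose their contents, are assumptions of this example.

```python
from html import escape
from html.parser import HTMLParser

# Default blocklist: the tag list given on this page.
BLOCKED = {"script", "object", "applet", "embed", "form", "layer", "ilayer",
           "frame", "iframe", "frameset", "param", "meta"}
# Assumption of this example: these containers lose their contents too.
DROP_CONTENT = {"script", "object", "applet"}

class TagFilter(HTMLParser):
    def __init__(self, blocked):
        super().__init__(convert_charrefs=True)
        self.blocked, self.out, self.skip = blocked, [], 0

    def _emit(self, tag, attrs, close=""):
        # Keep plainly named attributes only, and drop every on* event handler.
        kept = [(k, v) for k, v in attrs
                if k.replace("-", "").isalnum() and not k.startswith("on")]
        text = "".join(f" {k}" if v is None else f' {k}="{escape(v)}"'
                       for k, v in kept)
        self.out.append(f"<{tag}{text}{close}>")

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT and (self.skip or tag in self.blocked):
            self.skip += 1  # entering, or nesting inside, a dropped container
        elif not self.skip and tag not in self.blocked:
            self._emit(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        if not self.skip and tag not in self.blocked:
            self._emit(tag, attrs, " /")

    def handle_endtag(self, tag):
        if self.skip:
            self.skip -= tag in DROP_CONTENT  # leave the container on its close tag
        elif tag not in self.blocked:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text stays text

def strip_unsafe(html_text, blocked=BLOCKED):
    """Return html_text without blocked tags and event attributes."""
    f = TagFilter(blocked)
    f.feed(html_text)
    f.close()  # flush buffered text; an unclosed container drops the rest
    return "".join(f.out)
```

A blocklist like this only covers the tags and attributes it names; where the set of permitted markup is known, an allowlist is the safer default.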

About Raymond Camden

Raymond is a developer advocate. He focuses on JavaScript, serverless and enterprise cat demos.

Lafayette, LA https://www.raymondcamden.com