後來找到一個好用的套件:HTML Purifier。
裡面還有很多功能,也可以阻擋 XSS 攻擊。
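// Load HTML Purifier's autoloader (path is relative to this script).
require 'class/htmlpurifier/HTMLPurifier.auto.php';

$config = HTMLPurifier_Config::createDefault();

// Allow-list of elements and attributes that survive purification; everything
// else is stripped. One entry per element, attributes separated by "|".
//
// Fixes relative to the original list:
//   - "tabindex}target" on <a> was a typo for "tabindex|target"; as written it
//     named one bogus attribute, so neither real attribute was allowed.
//   - "alt, coords" on <area> contained a comma, which is the element
//     separator, so the <area> attribute list was cut in two.
//   - the duplicate "ol[start|type]" entry and the empty entry after "sup"
//     were dropped.
//
// NOTE(review): nav, video, source, ruby/rp/rt, the "data-*" wildcard and the
// <style> element are not part of HTML Purifier's stock element definitions as
// far as I know; expect "not supported" warnings unless custom definitions are
// registered — confirm against the installed version.
// NOTE(review): allowing <style> in user-supplied markup lets that markup
// restyle the surrounding page; keep it only if that is intended.
// NOTE(review): "rel" and "target" on <a> are presumably still filtered unless
// Attr.AllowedRel / Attr.AllowedFrameTargets are also configured — verify.
$allowedHtml = implode(',', [
    'a[accesskey|href|rel|tabindex|target|type]',
    'area[accesskey|alt|coords|href|name|shape|tabindex|target]',
    'img[alt|border|height|ismap|src|usemap|width]',
    'b', 'blockquote[cite]', 'br', 'dd', 'div', 'dl', 'dt', 'em',
    'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
    'hr', 'i', 'li[value]', 'map', 'ol[start|type]',
    'nav[accesskey|contenteditable|contextmenu|data-*|draggable|dropzone|hidden|spellcheck|tabindex|translate]',
    'p', 'pre', 'rp', 'rt', 'ruby', 's', 'small', 'source', 'span',
    'strike', 'strong', 'style', 'sub', 'sup',
    'table[border|cols|summary|cellpadding|cellspacing|align]',
    'tbody[valign]', 'td[bordercolor|colspan|rowspan]', 'tfoot[valign]',
    'th[colspan|rowspan|scope]', 'thead[valign]', 'tr[colspan|rowspan]',
    'tt', 'u', 'ul',
    'video[autoplay|controls|height|loop|muted|poster|preload|src|width]',
]);

// Use the dotted directive name; the separate namespace/key form
// set('HTML', 'Allowed', ...) is the deprecated API and raises a notice.
$config->set('HTML.Allowed', $allowedHtml);

$purifier = new HTMLPurifier($config);

// $content is the untrusted HTML, defined outside this snippet. Only the
// purified result is echoed; the raw value must never reach the page.
$cleanContent = $purifier->purify($content);
echo $cleanContent;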