後來找到好用的套件:HTML Purifier
裡面還有很多功能,也可阻擋 XSS 攻擊。
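// Sanitise untrusted HTML with HTML Purifier using an explicit allow-list,
// then print the cleaned markup.
require_once 'class/htmlpurifier/HTMLPurifier.auto.php';

$config = HTMLPurifier_Config::createDefault();

// Allow-list for HTML.Allowed: entries are separated by commas and the
// attributes of an element are listed inside [...] separated by "|".
// Elements and attributes not named here are removed from the output.
$allowedHtml = implode(',', [
    // Fixed: the original had "tabindex}target", which fused two attribute
    // names into one unknown name, so neither was actually allowed.
    'a[accesskey|href|rel|tabindex|target|type]',
    // Fixed: the original had "alt, coords"; a comma inside the brackets ends
    // the entry early and breaks the rest of the attribute list.
    'area[accesskey|alt|coords|href|name|shape|tabindex|target]',
    'img[alt|border|height|ismap|src|usemap|width]',
    'b', 'blockquote[cite]', 'br', 'dd', 'div', 'dl', 'dt', 'em',
    'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
    'hr', 'i', 'li[value]', 'map',
    // The original listed ol[start|type] twice; one entry is enough.
    'ol[start|type]',
    // NOTE(review): nav, video and source (and possibly map/area and
    // ruby/rp/rt, depending on the configured doctype) and the "data-*"
    // wildcard are, as far as I know, not part of HTML Purifier's stock
    // definitions; unsupported names are reported as errors and not allowed.
    // Run once with error reporting enabled and confirm what is accepted.
    'nav[accesskey|contenteditable|contextmenu|data-*|draggable|dropzone|hidden|spellcheck|tabindex|translate]',
    'p', 'pre', 'rp', 'rt', 'ruby', 's', 'small', 'source', 'span', 'strike', 'strong',
    // NOTE(review): a <style> element in user-supplied markup would let the
    // author restyle the whole page. Confirm it is really needed; if it is,
    // prefer scoping the CSS (see Filter.ExtractStyleBlocks) over allowing
    // the raw element.
    'style',
    // Fixed: the original had an empty entry (", ,") after sup.
    'sub', 'sup',
    'table[border|cols|summary|cellpadding|cellspacing|align]',
    'tbody[valign]', 'td[bordercolor|colspan|rowspan]', 'tfoot[valign]',
    'th[colspan|rowspan|scope]', 'thead[valign]', 'tr[colspan|rowspan]',
    'tt', 'u', 'ul',
    'video[autoplay|controls|height|loop|muted|poster|preload|src|width]',
]);

// The three-argument set('HTML', 'Allowed', ...) form is deprecated in
// HTML Purifier 4.x; the dotted directive name is the supported spelling.
$config->set('HTML.Allowed', $allowedHtml);

$purifier = new HTMLPurifier($config);

// $content is the untrusted HTML to clean; it must be defined before this
// snippet runs. The result is meant to be emitted as HTML markup only: if the
// value is placed inside an attribute, a script or a URL, escape it for that
// context separately.
$cleanContent = $purifier->purify($content);
echo $cleanContent;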