/_octopress/source/functions/strip_tags/_comments.html

<!-- Generated by Rakefile:build -->

<strong>
<a href="http://an3m1.com/" rel="nofollow">????? ?????? ? ?????</a>
</strong>
on 2012-04-04 14:33:20 <br />
I wonder how you got so good. HaHa ! This is really a fascinating blog, lots of stuff that I can get into. One thing I just want to say is that your design is so perfect ! You certainly know how to get a girls attention ! I’m glad that you’re here. I feel like I’ve learned something new by being here 
<hr />


<strong>
Roger
</strong>
on 2012-03-28 05:16:43 <br />
Awesome &amp; thanks!
<hr />


<strong>
<a href="jkhvkjb" rel="nofollow">sacdmn sda.m,c nads,.cn n65467289376541248321908643218694321</a>
</strong>
on 2011-03-31 09:29:16 <br />
!@#$%^&amp;*())(*&amp;^%$#@
<hr />


<strong>
<a href="http://kevin.vanzonneveld.net" rel="nofollow">Kevin van Zonneveld</a>
</strong>
on 2010-09-08 20:06:17 <br />
@ Chris: Sorry, if the comment system is letting you down here, could you try pasting to pastebin.org?

@ Evertjan Garretsen: Looks like the PHP version needs you to explicitly put br/ in the list of allowed tags

@ Rafał Kukawski: Sublime man. In fact your creation's so good that it's better than PHP's version. Have a look at example 6 and you will see that PHP (5.3.2) will require you to explicitly name br/ in the allow list.

I'm still including your version in php.js, though, as I don't think this will cause bad bugs for people (seems like if you're whitelisting br you intend to whitelist br/ as well) so we can fix it later on.

https://github.com/kvz/phpjs/commit/526ac02243899b12cd0929c0a25133304525c0e8
<hr />


<strong>
Evertjan Garretsen
</strong>
on 2010-09-07 23:14:41 <br />
I discovered that when i allow br, this wil not allow the xhtml closed br like: &lt;br/&gt;. Maybe the following line should be added?

<pre><code>

if (i != 0) { i = html.toLowerCase().indexOf('&lt;'+allowed_tag+'/&gt;');}

</code></pre>

<hr />


<strong>
<a href="http://blog.kukawski.pl" rel="nofollow">Rafa? Kukawski</a>
</strong>
on 2010-07-15 12:02:30 <br />
I extended my previous solution with removing comments and php tags. May not be perfect, but should work for most cases

<pre><code>function strip_tags(input, allowed){
   allowed = (((allowed || &quot;&quot;) + &quot;&quot;)
      .toLowerCase()
      .match(/&lt;[a-z][a-z0-9]*&gt;/g) || [])
      .join(''); // making sure the allowed arg is a string containing only tags in lowercase (&lt;a&gt;&lt;b&gt;&lt;c&gt;)
   var tags = /&lt;\/?([a-z][a-z0-9]*)\b[^&gt;]*&gt;/gi,
       commentsAndPhpTags = /&lt;!--[\s\S]*?--&gt;|&lt;\?(?:php)?[\s\S]*?\?&gt;/gi;
   return input.replace(commentsAndPhpTags, '').replace(tags, function($0, $1){
      return allowed.indexOf('&lt;' + $1.toLowerCase() + '&gt;') &gt; -1 ? $0 : '';
   });
}</code></pre>
<hr />


<strong>
<a href="http://blog.kukawski.pl" rel="nofollow">Rafa? Kukawski</a>
</strong>
on 2010-07-15 08:39:26 <br />
Maybe sth like this?

<pre><code>function strip_tags(input, allowed){
   allowed = (((allowed || &quot;&quot;) + &quot;&quot;)
      .toLowerCase()
      .match(/&lt;[a-z][a-z0-9]*&gt;/g) || [])
      .join(''); // making sure the allowed arg is a string containing only tags in lowercase (&lt;a&gt;&lt;b&gt;&lt;c&gt;)
   var reg = /(&lt;\/?([a-z][a-z0-9]*)\b[^&gt;]*&gt;)/gi;
   return input.replace(reg, function($0, $1, $2){
      return allowed.indexOf('&lt;' + $2.toLowerCase() + '&gt;') &gt; -1 ? $0 : '';
   });
}</code></pre>
<hr />


<strong>
Chris
</strong>
on 2010-07-14 10:18:52 <br />
Hey,
I have a slight problem with html comments. See this example:
<pre><code>&lt;h2 class=&quot;error&quot;&gt;Ooops, das hätte nicht passieren dürfen!&lt;/h2&gt;

&lt;div class=&quot;graybox&quot;&gt;
Die angegebene Adresse ist mit Ihren Benutzerrechten nicht erreichbar.&lt;br /&gt;
&lt;!--Sie werden in &lt;strong id=&quot;cnt&quot;&gt;&amp;nbsp;&lt;/strong&gt; Sekunden zur Startseite weitergeleitet...--&gt;
&lt;/div&gt;</code></pre>

JS result:
<pre><code>Ooops, das hätte nicht passieren dürfen! Die angegebene Adresse ist mit Ihren Benutzerrechten nicht erreichbar. &amp;nbsp; Sekunden zur Startseite weitergeleitet...--&gt;</code></pre>

See missing &quot;Sie werden in&quot; and additional &quot;--&gt;&quot; in the JS result.
<hr />


<strong>
<a href="http://kevin.vanzonneveld.net" rel="nofollow">Kevin van Zonneveld</a>
</strong>
on 2009-08-04 12:30:14 <br />
@ Brett Zamir: Ok provided an additional fix. After comment caches clear we should be able to review the results.
<hr />


<strong>
<a href="http://brett-zamir.me" rel="nofollow">Brett Zamir</a>
</strong>
on 2009-07-29 03:06:44 <br />
@Kevin: Thanks for the security fix, and sorry I'm too busy to look into it myself at the moment, but now the code snippets are showing less-than signs, etc. in entity form...
<hr />


<strong>
<a href="http://kevin.vanzonneveld.net" rel="nofollow">Kevin van Zonneveld</a>
</strong>
on 2009-07-24 12:29:04 <br />
@ Tomasz Wesolowski: Very kind of you to provide the fix! I've added it to SVN along with the credits.

PS: oops indeed! fixed the comment issue
<hr />


<strong>
Tomasz Wesolowski
</strong>
on 2009-07-22 15:39:08 <br />
Oops, no HTML escaping in posts? Here's a cleaner repost:
---

That's some useful code. :)

Unfortunately it seems to fail on header tags h1..h7. I have probably fixed that by changing the line 42:

<pre><code>// Build allowes tags associative array
if (allowed_tags) {
    allowed_array = allowed_tags.match(/([a-zA-Z]+)/gi);
}</code></pre>

to 

<pre><code>allowed_array = allowed_tags.match(/([a-zA-Z0-9]+)/gi);</code></pre>
<hr />


<strong>
Tomasz Wesolowski
</strong>
on 2009-07-22 15:37:14 <br />
That's some useful code. :)

Unfortunately it seems to fail on header tags &lt;h1&gt;..&lt;h7&gt;. I have probably fixed that by changing the line 42:

// Build allowes tags associative array
<pre><code>if (allowed_tags) {
    allowed_array = allowed_tags.match(/([a-zA-Z]+)/gi);
}</code></pre>

to 

<pre><code>allowed_array = allowed_tags.match(/([a-zA-Z0-9]+)/gi);</code></pre>
<hr />


<strong>
<a href="http://kevin.vanzonneveld.net" rel="nofollow">Kevin van Zonneveld</a>
</strong>
on 2009-03-22 18:55:32 <br />
@ Bobby Drake: Thanks for pointing that out. I fixed the bug and added your testcase to prevent future bugs. Thanks!
<hr />


<strong>
Michael Grier
</strong>
on 2009-03-04 20:46:13 <br />
what does !! do here? validate? convert int to bool? 

array unique is using this function internally, but array_unique is not working for me (it returns undefined), and I'm trying to figure out why.
<hr />


<strong>
<a href="http://kevin.vanzonneveld.net" rel="nofollow">Kevin van Zonneveld</a>
</strong>
on 2009-03-02 14:39:39 <br />
@ Eric Nagel: Great, thanks for pointing that out!
<hr />


<strong>
<a href="http://www.ericnagel.com/" rel="nofollow">Eric Nagel</a>
</strong>
on 2009-02-27 22:05:14 <br />
Thanks for the function.  I added:

<pre><code>

var k = '', i = 0;

</code></pre>



in your variable declarations, as I was using k and i outside the function, which put things into a nasty loop.  Hope this helps someone.
<hr />


<strong>
<a href="http://computerzworld.com" rel="nofollow">Computerzworld</a>
</strong>
on 2009-01-24 06:36:43 <br />
You have a great collection of  PHP equivalent javascript functions. This is really helpful to develpers. Thanks for sharing.
<hr />


<strong>
<a href="http://kevin.vanzonneveld.net" rel="nofollow">Kevin van Zonneveld</a>
</strong>
on 2008-11-18 12:27:39 <br />
@ Marc Palau: That was a bit of legacy you spotted there, removed it. thx!
<hr />


<strong>
<a href="http://www.nbsp.es" rel="nofollow">Marc Palau</a>
</strong>
on 2008-11-18 10:50:12 <br />
Why is defined allowed_keys??



<pre><code>var allowed_keys = {};</code></pre>
<hr />


<strong>
<a href="http://kevin.vanzonneveld.net" rel="nofollow">Kevin van Zonneveld</a>
</strong>
on 2008-10-21 10:07:37 <br />
@ Alex: I wasn't aware of this implementation. And, you're right: it is our objective to mimic php as much as reasonably possible. Thanks for sharing, I've updated the function and credited you accordingly.
<hr />


<strong>
<a href="http://deliciousdemon.com" rel="nofollow">Alex</a>
</strong>
on 2008-10-20 21:02:54 <br />
It looks like there's a small difference in your JS implementation of strip_tags from PHP's implementation:



PHP declares multiple allowable tags like this: strip_tags('&amp;lt;p&amp;gt;&amp;lt;b&amp;gt;text&amp;lt;/b&amp;gt;&amp;lt;/p&amp;gt;', '&amp;lt;p&amp;gt;&amp;lt;b&amp;gt;')



The JS version is like this:

strip_tags('&amp;lt;p&amp;gt;&amp;lt;b&amp;gt;text&amp;lt;/b&amp;gt;&amp;lt;/p&amp;gt;', '&amp;lt;p&amp;gt;,&amp;lt;b&amp;gt;')



Note the comma separation in the JS version between the allowable tags. It's not a big deal, but I thought I'd point it out, as it tripped me up for a while (and I thought you'd want to know since you're attempting to make these functions work syntactically the same as their PHP equivalents). Thanks!
<hr />


<strong>
<a href="http://kevin.vanzonneveld.net" rel="nofollow">Kevin van Zonneveld</a>
</strong>
on 2008-09-17 13:06:23 <br />
@ Pul: Thank you for pointing that out. I've fixed the code and added your usage example so it will be tested in the future as well.
<hr />


<strong>
Pul
</strong>
on 2008-09-15 15:44:15 <br />
try

<pre><code>

strip_tags(&amp;quot;&amp;lt;a href='index.html'&amp;gt;test&amp;lt;/a&amp;gt;&amp;quot;, &amp;quot;&amp;lt;a&amp;gt;&amp;quot;);

</code></pre>



please fix.. :P
<hr />


<strong>
<a href="http://kevin.vanzonneveld.net" rel="nofollow">Kevin van Zonneveld</a>
</strong>
on 2008-07-18 09:29:26 <br />
@ Steven Richards: I've made what I think is the right change. Does this work okay?
<hr />


<strong>
Steven Richards
</strong>
on 2008-07-09 03:23:59 <br />
The strip_tags() function appears to be broken in IE7. Upon detecting an opening tag, it completely removes ALL output. The same behavior appears on the test page on this site. It appears that in IE, the match() function returns a copy of the input string and a couple other extraneous values on a successful match, causing the entire string to be replaced by the first matched key (the original input).



To fix, I added this ugly piece of work inside the key loop:

<pre><code>

if (key == '0' || Number(key.toString()))

{

// replacement

}

</code></pre>
<hr />


<strong>
Mohammed
</strong>
on 2008-06-20 06:17:43 <br />
Thanks!
<hr />


<strong>
Rauan
</strong>
on 2008-06-01 21:32:46 <br />
Wow. Thanks, Kevin. That's the very important feature. :)
<hr />


<strong>
<a href="http://kevin.vanzonneveld.net" rel="nofollow">Kevin van Zonneveld</a>
</strong>
on 2008-05-31 12:33:05 <br />
@ Rauan: PHP.JS is by no means a full PHP implementation in Javascript. But thanks for pointing this out, I've added the functionality
<hr />


<strong>
Rauan
</strong>
on 2008-05-23 23:04:13 <br />
Ok, that's great... But where is exception in regex for allowed_tags?
<hr />