1, 'br/'=>1, // fix later ;) 'li'=>1, 'hr'=>1, '/tr'=>1, 'img'=>1, 'p'=>1 ); // allowed tags $allowed = Array('b'=>1, 'i'=>1, 'u'=>1, 'a'=>1, 'img'=>1, 'sup'=>1, 'sub'=>1, 'table'=>1, 'tr'=>1, 'td'=>1, 'font'=>1, 'ul'=>1, 'ol'=>1, 'li'=>1, 'tt'=>1, 'address'=>1, 'code'=>1, 'small'=>1, 'big'=>1, 'caption'=>1, 'thead'=>1, 'tfoot'=>1, 'col'=>1, 'colgroup'=>1, 'th'=>1, 'br'=>1, 'br/'=>1, // fix later 'hr'=>1, 'em'=>1, 'th'=>1, 'center'=>1, 'pre'=>1, 'xmp'=>1, 's'=>1, 'strong'=>1, 'legend'=>1, 'h1'=>1, 'h2'=>1, 'h3'=>1, 'h4'=>1, 'h5'=>1, 'h6'=>1, 'p'=>1, 'blockquote'=>1, 'div'=>1, 'span'=>1, 'fieldset'=>1 ); /* this part will go trought string and will ensure, if all tags are closed */ $tok = StrTok($data, '<'); $tok = StrTok('<'); while(!($tok === FALSE)){ if(!StrStr($tok,'>')): $htmlparse = 'Chyba HTML syntaxe!'; //$htmlparse = 'Wrong HTML syntax!'; return 0; elseif(StrStr($tok,"<")): $htmlparse = 'Chyba HTML syntaxe!'; //$htmlparse = 'Wrong HTML syntax!'; return 0; endif; $tok = StrTok('<'); } /* main part of the function - it will check allowed tags, some parameters and so on... */ $tok = StrTok($data, '<'); $i = 0; $j = 0; while(!($tok === FALSE)): if($i == 1): $tag = Split('>',$tok,2); $attrib = Split("[[:space:]>]",$tag[0],2); if($allowed[$attrib[0]] != 1 && $allowed[SubStr($attrib[0],1)] != 1): // if tag isn in allowed array $htmlparse = 'Zakazany tag <'.$attrib[0].'>!'; //$htmlparse = 'Forbidden tag <'.$attrib[0].'>!'; return 0; endif; if('/'.$tags[$j] == $attrib[0]): // closing tag for last opening tag if($tags[$j] == 'table' && $opened_tables > 0): $opened_tables--; endif; $j--; elseif($tags[$j] == 'xmp'): // XMP tag...ignore eny other tags between them else: if(SubStr($attrib[0],0,1) == '/' && $unpaired[$tags[$j]]): // do I need to close the tag? $j--; continue; elseif(SubStr($attrib[0],0,1) == '/'): // am I closing something, I didn open? $htmlparse = 'Chyba u tagu <'.$tag[0].'>! Zavirate tag, ktery jste neotevrel!'; //$htmlparse = 'Error near tag <'.$tag[0].'>! Closing tag, that wasn opened!'; return 0; elseif(Ereg(' on',' '.$attrib[1])): // temporary solution for pernament problem...and it isn suicide $htmlparse = 'JavaScript je na hovno!'; //$htmlparse = 'JavaScript sux!'; return 0; elseif(Ereg('/on',' '.$attrib[1])): // temporary solution for pernament problem...and it isn suicide $htmlparse = 'z bezpecnostnych dovodov nieje povolene vkladat do tagov retazec "/on"'; return 0; /* elseif(Ereg(' style',' '.$attrib[1])): // styles are forbidden - don look at me THAT way ;) $htmlparse = 'Ten "style" se mi tam nezda!'; //$htmlparse = '"styles" are forbidden!'; return 0; */ elseif(Ereg('://',' '.$attrib[1]) && $attrib[0] != "img" && $attrib[0] != "a"): // adresses in attributes (except A and IMG tags) are forbidden $htmlparse = 'Neco se mi tam nelibi! To je hlaska HTML validace - nejedna se o nejakou cenzuru ;)'; //$htmlparse = 'Forbidden usage of adresses in tags!'; return 0; elseif((SubStr_Count($attrib[1],'"')%2) > 0): // are quotes closed? can do mess if they aren $htmlparse = 'Neuzavrel jste uvozovky uvnitr tagu <'.$attrib[0].'>!'; //$htmlparse = 'Close quotes in tag <'.$tag[0].'>!'; return 0; elseif(Ereg('\?',$attrib[1]) && $attrib[0] == 'img'): // don allow parameters in IMG tags $htmlparse = 'Chyba u tagu <img> - nejsou povoleny parametry v adrese!'; //$htmlparse = 'Error in tag <img> - parameters in image adresses are forbidden!'; return 0; elseif(($attrib[0] == 'td' || $attrib[0] == 'tr') && $opened_tables == 0): $htmlparse = 'Strkej si ty tagy do vlastni tabulky, jo?'; return 0; elseif($attrib[0] == 'table'): $opened_tables++; endif; $j++; $tags[$j] = $attrib[0]; endif; endif; $tok = StrTok('<'); $i = 1; endwhile; /* just check, if all tags are properly closed */ while($j > 0): if($unpaired[$tags[$j]]): $j--; continue; else: $htmlparse = 'Neuzavrel jste tag <'.$tags[$j].'>!'; //$htmlparse = 'Tag <'.$tags[$j].'> wasn closed correctly!'; return 0; endif; endwhile; return 1; } }