in reply to Safe HTML output?

HTML::TagFilter does this admirably. It's a subclass of HTML::Parser and allows you to specify what tags/attributes to allow/deny similarly to what you're doing. You'd probably need to tweak this a little to fit into your code the way you want, but it should do the trick.

use HTML::TagFilter;

my $tf = HTML::TagFilter->new(
    allow => {
        p    => {'any'},
        i    => {'any'},
        b    => {'any'},
        code => {'any'},
        br   => {'any'},
        u    => {'any'},
        pre  => {'any'},
        img  => {
            width  => ['any'],
            height => ['any'],
            border => ['any'],
            src    => ['any'],
        },
        a => {
            href   => ['any'],
            target => ['any'],
            name   => ['any'],
        },
    },
    deny           => {},
    log_rejects    => 1,
    strip_comments => 1,
);

sub filter_html {
    $tf->filter(shift);
}

Update: This module will freak out if you try to install/use it on anything earlier than perl 5.6, I believe because it uses Warnings. As another monk pointed out (forgot who, it was a while ago), you can just comment this out (or install it, I suppose) and it'll work fine.

-Any sufficiently advanced technology is
indistinguishable from doubletalk.

Replies are listed 'Best First'.
Re: Re: Safe HTML output?
by gav^ (Curate) on Jan 20, 2002 at 07:02 UTC

    HTML::TagFilter looks great, apart from it doesn't allow me to use my own handler for text sections which I need.

    Thanks for the tip though, it looks like something that may come in handy.

    gav^
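
Added example, not part of either post above and not HTML::TagFilter's own code: the same tag and attribute allow-list built directly on HTML::Parser, so the caller can supply its own text handler, with a scheme check on `href` and `src` values. The `$text_cb` hook, the `url_ok` helper and the list of permitted schemes are assumptions made for illustration.

```perl
use strict;
use warnings;
use HTML::Parser ();
use HTML::Entities qw(encode_entities);

# Allow-list mirroring the first post: tag => { permitted attributes }.
my %ALLOW = (
    (map { $_ => {} } qw(p i b code br u pre)),
    img => { map { $_ => 1 } qw(width height border src) },
    a   => { map { $_ => 1 } qw(href target name) },
);
my %URL_ATTR = (href => 1, src => 1);

# Assumption: only http, https, mailto and scheme-less (relative) URLs are wanted.
sub url_ok {
    my ($url) = @_;
    $url =~ s/[\x00-\x20]+//g;           # browsers drop tabs/newlines in URLs; strip first
    return 1 if $url !~ /^[^\/?#]*:/;    # no scheme, so a relative URL
    return $url =~ /^(?:https?|mailto):/i ? 1 : 0;
}

# $text_cb (hypothetical hook) receives decoded text and returns plain text.
sub filter_html {
    my ($html, $text_cb) = @_;
    $text_cb ||= sub { $_[0] };
    my $out = '';
    my $start = sub {
        my ($tag, $attr) = @_;
        my $ok = $ALLOW{$tag} or return;  # unknown tag: drop the tag, keep its text
        $out .= "<$tag";
        for my $name (sort keys %$attr) {
            next unless $ok->{$name};     # e.g. onclick is never copied through
            next if $URL_ATTR{$name} && !url_ok($attr->{$name});
            $out .= sprintf ' %s="%s"', $name, encode_entities($attr->{$name}, '<>&"');
        }
        $out .= '>';
    };
    my $p = HTML::Parser->new(
        api_version => 3,                 # comments/declarations get no handler, so they vanish
        start_h => [ $start, 'tagname, attr' ],
        end_h   => [ sub { $out .= "</$_[0]>" if $ALLOW{$_[0]} }, 'tagname' ],
        text_h  => [ sub { $out .= encode_entities($text_cb->($_[0]), '<>&"') }, 'dtext' ],
    );
    $p->unbroken_text(1);                 # hand each text run to the callback in one piece
    $p->parse($html);
    $p->eof;
    return $out;
}

# Constructed sample input.
print filter_html(q{<p onclick="x()">see <a href="javascript:x()" name="n">this</a><!-- c --></p>},
                  sub { uc $_[0] }), "\n";
```

Text is re-encoded after the callback runs, so a handler that needs to emit markup of its own would have to return it through a separate, explicitly trusted path.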