Just say no... to BB tags!

    Date: 02/18/05 (PHP Community)    Keywords: php, html

    It's a common practice, when implementing a system requiring content submission that might include html tags, to strip the input fields of all html and get the users to use pseudo-tags instead, such as [ b ] instead of < strong >, which will be replaced by the content-view script. This serves its purpose by removing any malicious code from the input text. It also limits the extent to which a user can alter the appearance of their submission, e.g. they are unable to post IFRAME or MARQUEE tags.

    The downside to this method is that it needs the user to adapt to a modified and often custom tag system. It also makes for cumbersome code, as you have to do a lot more work than necessary: coding a set of tags, ways to parse them, etc.

    Enter PHP's strip_tags function. It is likely you are already using this library function to remove unwanted html (possibly along with htmlspecialchars). But you might not know that strip_tags has an optional argument of allowed html tags. By passing this function an array of "safe" html tags, you can easily save yourself a lot of hassle and allow the user to operate within the realm of proper html instead of some new tag set!

    Not sure if this will help anyone but I found it very useful in my own projects... enjoy!
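
An added example, not code from the original post: the strip_tags allow-list described above, next to a stricter variant. strip_tags does not touch attributes on the tags it keeps (the PHP manual notes this for style and onmouseover), so the second function escapes everything and re-enables only attribute-free allowed tags. The function names, tag list and sample input are assumptions made for illustration.

```php
<?php
// Added example: names and sample input are constructed, not from the post.

// Hypothetical allow-list of "safe" formatting tags.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'p'];

// The approach from the post: let strip_tags keep an allow-list of real HTML.
function filter_with_strip_tags(string $input): string
{
    // The "<b><i>..." string form works on every PHP version;
    // passing an array directly requires PHP 7.4 or later.
    $allowed = '<' . implode('><', ALLOWED_TAGS) . '>';
    return strip_tags($input, $allowed);
}

// Stricter variant: escape all markup, then turn back on only the
// allowed tags when they appear bare, i.e. without any attributes.
function filter_bare_tags_only(string $input): string
{
    $escaped = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
    $names   = implode('|', array_map('preg_quote', ALLOWED_TAGS));

    // After escaping, "<b>" is "&lt;b&gt;". A tag carrying attributes
    // never matches this pattern, so it stays inert, visible text.
    $pattern = '/&lt;(\/?)(' . $names . ')&gt;/i';
    return preg_replace($pattern, '<$1$2>', $escaped);
}

// Constructed sample submission: one allowed tag with an event-handler
// attribute, one disallowed tag, and plain allowed tags.
$sample = '<p>Hello <b onmouseover="alert(1)">world</b> and <i>friends</i>'
        . '<iframe src="//example.invalid"></iframe></p>';

echo "strip_tags allow-list:\n", filter_with_strip_tags($sample), "\n\n";
echo "bare tags only:\n", filter_bare_tags_only($sample), "\n";
```

Running it prints both results for comparison: the first drops the iframe but keeps the attribute on the allowed tag, the second renders anything other than a bare allowed tag as literal text.
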

    Source: http://www.livejournal.com/community/php/262371.html
