strip_tags - PHP code example

The PHP Function Strip_Tags

The php function strip_tags is an important one to understand for any developer working with user-generated content on a website. It helps to sanitize input data and ensure that malicious code such as scripts isn’t executed on the web server or displayed to users.

The ph_strip_tags() function removes HTML and PHP tags from a string, leaving only plain text. It has two required parameters: the string to work on and a list of tags that shouldn’t be stripped. The function return the stripped string.

Stripping tags in input is a part of input sanitization, and is often done in conjunction with other sanitization functions like escaping. However, the ph_strip_tags() does not validate or check the integrity of the HTML tags it strips. So it’s not suitable for preventing certain attacks like XSS. Instead, other appropriate methods or functions should be used for this purpose depending on the context.

ph_strip_tags() is an inbuilt function and therefore available in all versions of PHP. However, it’s always a good idea to keep the PHP version up to date as new features and security patches are often included with the latest releases.

As with all functions in PHP, it’s important to know what the return type of a function is before using it. The var_dump() function shows the return type of ph_strip_tags() to be a string.

strip_tags example

  protected static function buildLinks(NodeInterface $entity, $view_mode) {
    $links = [];

    // Always display a read more link on teasers because we have no way     // to know when a teaser view is different than a full view.     if ($view_mode == 'teaser') {
      $node_title_stripped = strip_tags($entity->label());
      $links['node-readmore'] = [
        'title' => t('Read more<span class="visually-hidden"> about @title</span>', [
          '@title' => $node_title_stripped,
        ]),
        'url' => $entity->toUrl(),
        'language' => $entity->language(),
        'attributes' => [
          'rel' => 'tag',
          'title' => $node_title_stripped,
        ],
      ];
    }

'em'      => true,
                    'strong'  => true,
                );

                $value = wp_kses( $value, $header_tags_with_a );
                break;
            case 'ThemeURI':
            case 'AuthorURI':
                $value = sanitize_url( $value );
                break;
            case 'Tags':
                $value = array_filter( array_map( 'trim', explode( ',', strip_tags( $value ) ) ) );
                break;
            case 'Version':
            case 'RequiresWP':
            case 'RequiresPHP':
            case 'UpdateURI':
                $value = strip_tags( $value );
                break;
        }

        return $value;
    }

$container->get('user.permissions'),
      $container->get('module_handler')
    );
  }

  public function getValueOptions() {
    if (!isset($this->valueOptions)) {
      $permissions = $this->permissionHandler->getPermissions();
      foreach ($permissions as $perm => $perm_item) {
        $provider = $perm_item['provider'];
        $display_name = $this->moduleHandler->getName($provider);
        $this->valueOptions[$display_name][$perm] = Html::escape(strip_tags($perm_item['title']));
      }
      return $this->valueOptions;
    }
    else {
      return $this->valueOptions;
    }
  }

  /** * {@inheritdoc} * * Replace the configured permission with a filter by all roles that have this * permission. */

            $target = $this->getTargetFile($directory, $name);

            set_error_handler(function D$type, $msg) use (&$error) { $error = $msg; });
            try {
                $moved = move_uploaded_file($this->getPathname(), $target);
            } finally {
                restore_error_handler();
            }
            if (!$moved) {
                throw new FileException(sprintf('Could not move the file "%s" to "%s" (%s).', $this->getPathname(), $target, strip_tags($error)));
            }

            @chmod($target, 0666 & ~umask());

            return $target;
        }

        switch ($this->error) {
            case \UPLOAD_ERR_INI_SIZE:
                throw new IniSizeFileException($this->getErrorMessage());
            case \UPLOAD_ERR_FORM_SIZE:

if ( ! empty( $monthnum ) ) {
            $title .= $t_sep . $wp_locale->get_month( $monthnum );
        }
        if ( ! empty( $day ) ) {
            $title .= $t_sep . zeroise( $day, 2 );
        }
    }

    // If it's a search.     if ( is_search() ) {
        /* translators: 1: Separator, 2: Search query. */
        $title = sprintf( __( 'Search Results %1$s %2$s' ), $t_sep, strip_tags( $search ) );
    }

    // If it's a 404 page.     if ( is_404() ) {
        $title = __( 'Page not found' );
    }

    $prefix = '';
    if ( ! empty( $title ) ) {
        $prefix = " $sep ";
    }

function sanitize_title_with_dashes( $title, $raw_title = '', $context = 'display' ) {
    $title = strip_tags( $title );
    // Preserve escaped octets.     $title = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title );
    // Remove percent signs that are not part of an octet.     $title = str_replace( '%', '', $title );
    // Restore octets.     $title = preg_replace( '|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title );

    if ( seems_utf8( $title ) ) {
        if ( function_exists( 'mb_strtolower' ) ) {
            $title = mb_strtolower( $title, 'UTF-8' );
        }

namespace Symfony\Component\Mime\HtmlToTextConverter;

/** * @author Fabien Potencier <fabien@symfony.com> */
class DefaultHtmlToTextConverter implements HtmlToTextConverterInterface
{
    public function convert(string $html, string $charset): string
    {
        return strip_tags(preg_replace('{<(head|style)\b.*?</\1>}is', '', $html));
    }
}

return;
        }

        foreach ($messages as $message) {
            switch ($type) {
                case OutputInterface::OUTPUT_NORMAL:
                    $message = $this->formatter->format($message);
                    break;
                case OutputInterface::OUTPUT_RAW:
                    break;
                case OutputInterface::OUTPUT_PLAIN:
                    $message = strip_tags($this->formatter->format($message));
                    break;
            }

            $this->doWrite($message ?? '', $newline);
        }
    }

    /** * Writes a message to the output. * * @return void */

        if ( $title ) {
            echo $args['before_title'] . $title . $args['after_title'];
        }

        $format = current_theme_supports( 'html5', 'navigation-widgets' ) ? 'html5' : 'xhtml';

        /** This filter is documented in wp-includes/widgets/class-wp-nav-menu-widget.php */
        $format = apply_filters( 'navigation_widgets_format', $format );

        if ( 'html5' === $format ) {
            // The title may be filtered: Strip out HTML and make sure the aria-label is never empty.             $title      = trim( strip_tags( $title ) );
            $aria_label = $title ? $title : $default_title;
            echo '<nav aria-label="' . esc_attr( $aria_label ) . '">';
        }
        ?> <ul> <?php foreach ( $r->posts as $recent_post ) : ?> <?php                 $post_title   = get_the_title( $recent_post->ID );
                $title        = ( ! empty( $post_title ) ) ? $post_title : __( '(no title)' );
                $aria_current = '';

class PlainTextOutput implements OutputStrategyInterface {

  /** * {@inheritdoc} */
  public static function renderFromHtml($string) {
    return Html::decodeEntities(strip_tags((string) $string));
  }

}

public readonly bool $featured
  ) {
  }

  /** * Returns the content of the announcement with no markup. * * @return string * Content of the announcement without markup. */
  public function getContent() {
    return strip_tags($this->content_html);
  }

  /** * Gets the published date in timestamp format. * * @return int * Date published timestamp. */
  public function getDatePublishedTimestamp() {
    return DrupalDateTime::createFromFormat(DATE_ATOM, $this->date_published)->getTimestamp();
  }

}

if ( $title ) {
                echo $args['before_title'] . $title . $args['after_title'];
            }

            $format = current_theme_supports( 'html5', 'navigation-widgets' ) ? 'html5' : 'xhtml';

            /** This filter is documented in wp-includes/widgets/class-wp-nav-menu-widget.php */
            $format = apply_filters( 'navigation_widgets_format', $format );

            if ( 'html5' === $format ) {
                // The title may be filtered: Strip out HTML and make sure the aria-label is never empty.                 $title      = trim( strip_tags( $title ) );
                $aria_label = $title ? $title : $default_title;
                echo '<nav aria-label="' . esc_attr( $aria_label ) . '">';
            }
            ?> <ul> <?php echo $output; ?> </ul> <?php             if ( 'html5' === $format ) {

        }

        // Match all phrases.         foreach ( $this->search_terms as $word ) {
            if ( in_array( $word, $theme->get( 'Tags' ), true ) ) {
                continue;
            }

            foreach ( array( 'Name', 'Description', 'Author', 'AuthorURI' ) as $header ) {
                // Don't mark up; Do translate.                 if ( false !== stripos( strip_tags( $theme->display( $header, false, true ) ), $word ) ) {
                    continue 2;
                }
            }

            if ( false !== stripos( $theme->get_stylesheet(), $word ) ) {
                continue;
            }

            if ( false !== stripos( $theme->get_template(), $word ) ) {
                continue;
            }

$this->writeText(sprintf(' <info>%s</info>%s%s', $name, str_repeat(' ', $spacingWidth), $commandAliases.$command->getDescription()), $options);
                }
            }

            $this->writeText("\n");
        }
    }

    private function writeText(string $content, array $options = []): void
    {
        $this->write(
            isset($options['raw_text']) && $options['raw_text'] ? strip_tags($content) : $content,
            isset($options['raw_output']) ? !$options['raw_output'] : true
        );
    }

    /** * Formats command aliases to show them in the command description. */
    private function getCommandAliasesText(Command $command): string
    {
        $text = '';
        $aliases = $command->getAliases();