' tag. HTML can be sent to the checker in chunks, with multiple calls to the check() method. Usage: $checker = new SafeHtmlChecker; $checker->check(''.$html.''); if ($checker->isOK()) { echo 'Everything is fine'; } else { echo '

'; foreach ($checker->getErrors() as $error) { echo '
• '.$error.'
'; } echo '

'; } Updated 15th September 2003: Added extra E_FLOW_CONTENTS, 'p' => E_INLINE_CONTENTS, 'blockquote' => E_BLOCK_CONTENTS, // Lists 'ul' => 'li', 'ol' => 'li', 'li' => E_FLOW_CONTENTS, 'dl' => 'dt dd', 'dt' => E_INLINE_CONTENTS, 'dd' => E_FLOW_CONTENTS, // Inline elements 'em' => E_INLINE_CONTENTS, 'strong' => E_INLINE_CONTENTS, 'dfn' => E_INLINE_CONTENTS, 'code' => E_INLINE_CONTENTS, 'q' => E_INLINE_CONTENTS, 'samp' => E_INLINE_CONTENTS, 'kbd' => E_INLINE_CONTENTS, 'var' => E_INLINE_CONTENTS, 'cite' => E_INLINE_CONTENTS, 'abbr' => E_INLINE_CONTENTS, 'acronym' => E_INLINE_CONTENTS, 'sub' => E_INLINE_CONTENTS, 'sup' => E_INLINE_CONTENTS, 'a' => E_INLINE_CONTENTS ); // Array showing allowed attributes for tags var $tagattrs = array( 'blockquote' => 'cite', 'q' => 'cite', 'a' => 'href title', 'dfn' => 'title', 'acronym' => 'title', 'abbr' => 'title' ); // Internal variables var $errors = array(); var $parser; var $stack = array(); function SafeHtmlChecker() { $this->parser = xml_parser_create(); xml_set_object($this->parser, &$this); xml_set_element_handler($this->parser, 'tag_open', 'tag_close'); xml_set_character_data_handler($this->parser, 'cdata'); xml_parser_set_option($this->parser, XML_OPTION_CASE_FOLDING, false); } function check($xhtml) { // Open comments are dangerous $xhtml = str_replace('