PHP

Sanitize Input by Stripping HTML Tags

A PHP regex snippet to effectively remove all HTML tags from a string, preventing XSS vulnerabilities in user-generated content.

<?php
function stripHtmlTags(string $text): string {
    // Matches any HTML tag: < followed by anything not >, then >
    return preg_replace('/<[^>]*>/', '', $text);
}

$htmlInput = "<p>Hello, <b>world</b>!</p><script>alert('XSS');</script>";
$cleanText = stripHtmlTags($htmlInput);
echo $cleanText; // Output: Hello, world!alert('XSS');
?>
How it works: This PHP function uses `preg_replace()` with the regex `/<[^>]*>/` to remove all HTML tags from a given string. The pattern matches an opening angle bracket `<`, followed by zero or more characters that are not a closing angle bracket (`[^>]*`), and then a closing angle bracket `>`. Replacing every match with an empty string strips the tags while keeping the text between them (note that the output above still contains the literal text `alert('XSS');`, just no longer inside a `<script>` element). This is a common technique to sanitize user input and prevent XSS attacks when displaying user-generated content.
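The following is an added example, not part of the original snippet, showing how a defender would use the stripper in practice and where the regex alone falls short. It reuses the `stripHtmlTags()` function from above and adds a hypothetical `renderUserText()` helper that escapes whatever survives stripping with PHP's built-in `htmlspecialchars()`, so that a tag fragment the regex does not match (an unterminated `<script`, or a `>` inside an attribute value that makes the pattern cut in the wrong place) is rendered as inert text rather than markup. The sample inputs are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Regex-based stripper from the snippet above. preg_replace() returns null on
// a PCRE error (e.g. invalid UTF-8 with the /u flag), so fall back to ''.
function stripHtmlTags(string $text): string {
    return preg_replace('/<[^>]*>/', '', $text) ?? '';
}

// Hypothetical helper (not in the original snippet): strip tags first, then
// HTML-encode everything that is left so the browser treats it as text.
// Output encoding is the step that actually neutralises leftover markup.
function renderUserText(string $text): string {
    $stripped = stripHtmlTags($text);
    return htmlspecialchars($stripped, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs exercising the regex's edge cases.
$samples = [
    // Well-formed tags: every tag is removed, inner text remains.
    'well-formed'        => "<p>Hello, <b>world</b>!</p><script>alert('XSS');</script>",
    // No closing '>' anywhere, so the regex matches nothing and '<script' survives.
    'unterminated tag'   => "Hello <script",
    // A '>' inside an attribute value ends the match early; the tail of the
    // tag (' b" href="x">') is left behind as text.
    'gt-in-attribute'    => "<a title=\"a > b\" href=\"x\">link</a>",
];

foreach ($samples as $label => $input) {
    // strip-only output (what the original snippet produces)
    printf("%-18s strip-only: %s\n", $label, stripHtmlTags($input));
    // stripped + encoded output (safe to echo into an HTML text node)
    printf("%-18s rendered:   %s\n\n", $label, renderUserText($input));
}
// Expected strip-only results:
//   well-formed      -> Hello, world!alert('XSS');
//   unterminated tag -> Hello <script
//   gt-in-attribute  ->  b" href="x">link
// Expected rendered results:
//   well-formed      -> Hello, world!alert(&#039;XSS&#039;);
//   unterminated tag -> Hello &lt;script
//   gt-in-attribute  ->  b&quot; href=&quot;x&quot;&gt;link
```

Run it with `php example.php`. The point of the pairing is that tag stripping is a content-cleanup step, not the XSS boundary: the browser only sees inert text because `htmlspecialchars()` encodes `<`, `>`, `&`, and quotes at output time. PHP also ships `strip_tags()`, which handles unterminated tags and attribute quoting more carefully than the one-line regex; either way, encode on output in the context where the text is inserted.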
