PHP
Sanitize Input by Stripping HTML Tags
A PHP regex snippet that removes HTML tags from a string, a common first step in sanitizing user-generated content against XSS. The stripped text must still be escaped for the context where it is output.
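<?php
function stripHtmlTags(string $text): string {
    // Matches any HTML tag: < followed by anything not >, then >
    // preg_replace() returns null on a PCRE error; fall back to '' so the
    // declared string return type is always honored.
    return preg_replace('/<[^>]*>/', '', $text) ?? '';
}

$htmlInput = "<p>Hello, <b>world</b>!</p><script>alert('XSS');</script>";
$cleanText = stripHtmlTags($htmlInput);
// The tags are gone, but the script body remains as plain text.
echo $cleanText; // Output: Hello, world!alert('XSS');
?>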
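How it works: This PHP function uses `preg_replace()` with a simple regex `/<[^>]*>/` to remove HTML tags from a given string. The pattern matches an opening angle bracket `<`, followed by zero or more characters that are not a closing angle bracket `[^>]*`, and then a closing angle bracket `>`. Replacing these matches with an empty string strips every complete tag, which is a common technique when sanitizing user input before displaying user-generated content. Note what the pattern does not do: it leaves the text between tags in place (the output above still contains `alert('XSS');`), it does not match a `<` that is never closed by `>`, and it does not escape quotes or `&`. For XSS prevention, the stripped string still needs context-appropriate output escaping such as `htmlspecialchars()`.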
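The following is an added example, not part of the original snippet. It runs the same pattern over constructed inputs to show what stripping alone leaves behind, next to the result of stripping followed by `htmlspecialchars()`. The function names `stripTagsRegex()` and `toSafeHtmlText()` are hypothetical.

```php
<?php
declare(strict_types=1);

// Same pattern as the page's stripHtmlTags(); a null result (PCRE error) becomes ''.
function stripTagsRegex(string $text): string {
    return preg_replace('/<[^>]*>/', '', $text) ?? '';
}

// Hypothetical helper: strip tags for a plain-text view, then escape for an
// HTML body or quoted-attribute context. The escaping is the actual XSS control.
function toSafeHtmlText(string $text): string {
    return htmlspecialchars(
        stripTagsRegex($text),
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
}

// Constructed sample inputs.
$samples = [
    'page example'     => "<p>Hello, <b>world</b>!</p><script>alert('XSS');</script>",
    'unterminated tag' => 'Hi <b title="x',             // no closing >, so the regex never matches
    'plain comparison' => 'if 3 < 5 and 7 > 2 then ok', // legitimate text the regex damages
    'quotes only'      => 'He said "hi" & left',        // no tags, but unsafe inside an attribute
];

foreach ($samples as $label => $input) {
    $stripped = stripTagsRegex($input);
    $safe     = toSafeHtmlText($input);

    // Count markup-significant characters that stripping alone left in place.
    $residue = preg_match_all('/[<>"\'&]/', $stripped);

    printf("%-17s stripped=[%s] residue=%d safe=[%s]\n",
        $label, $stripped, $residue, $safe);

    // After escaping, no raw <, >, " or ' may remain in the output.
    if (preg_match('/[<>"\']/', $safe) === 1) {
        throw new RuntimeException("unescaped markup character in: $label");
    }
}
```

The `plain comparison` row also shows a correctness cost of the pattern: everything between a literal `<` and the next `>` is deleted, even when the text contains no HTML.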