htmlspecialchars all markup inside

Question

I'm getting content from database:

$data="some markup <pre> <code> some code </code> </pre> some markup"

What I want to do is following

If $data has <pre> <code> </code> </pre> inside, then do something and pass some code through htmlspecialchars() function. Then merge as it was before. Something like:

$data="some markup <pre> <code> htmlspecialchars(some code) </code> </pre> some markup"

Can't figure out how to do it..

Wait... why not just run the whole string through htmlspecialchars()? — FrankieTheKneeMan, Aug 13 '12 at 19:29
Have you tried parsing it with [DOM](http://php.net/manual/en/book.dom.php)? — Matt, Aug 13 '12 at 19:30

score 0 · Answer 1 · answered Aug 13 '12 at 19:29

0

Sanitize it on the way in. Then you only have ONE chance to screw it up and get your site hacked, instead of having to get it right everywhere you use the data.

answered Aug 13 '12 at 19:29

Tyler Eaves

12,879
1
32
39

score 0 · Accepted Answer · answered Aug 13 '12 at 19:31

0

I think you probably want to parse the HTML with DOM, then find all instances where there's code between <pre> and <code> tags.

Then you can take that text and do a str_replace() on it.

answered Aug 13 '12 at 19:31

Matt

6,993
4
29
50

Elastic Lamb · Answer 3 · 2012-08-13T19:45:53.300

-1

$data = 'one<pre><code>two</code></pre>three';
$code = preg_match('~^(.*)<pre><code>(.*)</code></pre>(.*)$~', $data, $matches);
var_dump($matches);

edited Aug 13 '12 at 19:45

answered Aug 13 '12 at 19:30

Elastic Lamb

353
2
12

1

[The pony. He comes.](http://stackoverflow.com/a/1732454/1338999) Stop trying to parse a non-regular language (a.k.a. HTML) with regular expressions. It DOES NOT WORK. – Matt Aug 13 '12 at 19:31
It's no HTML. Furthermore you can use regular expressions to extract information like that. – Elastic Lamb Aug 13 '12 at 19:46

htmlspecialchars all markup inside

3 Answers3