<?php 
/** HTML Attribute Filter 
*  Date:  2013-09-22 
*  Author: fdipzone 
*  ver:  1.0 
* 
*  Func: 
*  public strip       過濾屬性 
*  public setAllow      設(shè)置允許的屬性 
*  public setException    設(shè)置特例 
*  public setIgnore     設(shè)置忽略的標記 
*  private findElements    搜尋需要處理的元素 
*  private findAttributes   搜尋屬性 
*  private removeAttributes  移除屬性 
*  private isException    判斷是否特例 
*  private createAttributes  創(chuàng)建屬性 
*  private protect      特殊字符轉(zhuǎn)義 
*/ 
 
class HtmlAttributeFilter{ // class start 
 
  private $_str = '';      // 源字符串 
  private $_allow = array();   // 允許保留的屬性 例如:array('id','class','title') 
  private $_exception = array(); // 特例 例如:array('a'=>array('href','class'),'span'=>array('class')) 
  private $_ignore = array();  // 忽略過濾的標記 例如:array('span','img') 
 
 
  /** 處理HTML,過濾不保留的屬性 
  * @param String $str 源字符串 
  * @return String 
  */ 
  public function strip($str){ 
    $this->_str = $str; 
 
    if(is_string($this->_str) && strlen($this->_str)>0){ // 判斷字符串 
 
      $this->_str = strtolower($this->_str); // 轉(zhuǎn)成小寫 
 
      $res = $this->findElements(); 
      if(is_string($res)){ 
        return $res; 
      } 
      $nodes = $this->findAttributes($res); 
      $this->removeAttributes($nodes); 
    } 
    return $this->_str; 
  } 
 
  /** 設(shè)置允許的屬性 
  * @param Array $param 
  */ 
  public function setAllow($param=array()){ 
    $this->_allow = $param; 
  } 
 
  /** 設(shè)置特例 
  * @param Array $param 
  */ 
  public function setException($param=array()){ 
    $this->_exception = $param; 
  } 
 
  /** 設(shè)置忽略的標記 
  * @param Array $param 
  */ 
  public function setIgnore($param=array()){ 
    $this->_ignore = $param; 
  } 
 
  /** 搜尋需要處理的元素 */ 
  private function findElements(){ 
    $nodes = array(); 
    preg_match_all("/<([^ !\/\>\n]+)([^>]*)>/i", $this->_str, $elements); 
    foreach($elements[1] as $el_key => $element){ 
      if($elements[2][$el_key]){ 
        $literal = $elements[0][$el_key]; 
        $element_name = $elements[1][$el_key]; 
        $attributes = $elements[2][$el_key]; 
        if(is_array($this->_ignore) && !in_array($element_name, $this->_ignore)){ 
          $nodes[] = array('literal'=>$literal, 'name'=>$element_name, 'attributes'=>$attributes); 
        } 
      } 
    } 
 
    if(!$nodes[0]){ 
      return $this->_str; 
    }else{ 
      return $nodes; 
    } 
  } 
 
  /** 搜尋屬性 
  * @param Array $nodes 需要處理的元素 
  */ 
  private function findAttributes($nodes){ 
    foreach($nodes as &$node){ 
      preg_match_all("/([^ =]+)\s*=\s*[\"|']{0,1}([^\"']*)[\"|']{0,1}/i", $node['attributes'], $attributes); 
      if($attributes[1]){ 
        foreach($attributes[1] as $att_key=>$att){ 
          $literal = $attributes[0][$att_key]; 
          $attribute_name = $attributes[1][$att_key]; 
          $value = $attributes[2][$att_key]; 
          $atts[] = array('literal'=>$literal, 'name'=>$attribute_name, 'value'=>$value); 
        } 
      }else{ 
        $node['attributes'] = null; 
      } 
      $node['attributes'] = $atts; 
      unset($atts); 
    } 
    return $nodes; 
  } 
 
  /** 移除屬性 
  * @param Array $nodes 需要處理的元素 
  */ 
  private function removeAttributes($nodes){ 
    foreach($nodes as $node){ 
      $node_name = $node['name']; 
      $new_attributes = ''; 
      if(is_array($node['attributes'])){ 
        foreach($node['attributes'] as $attribute){ 
          if((is_array($this->_allow) && in_array($attribute['name'], $this->_allow)) || $this->isException($node_name, $attribute['name'], $this->_exception)){ 
            $new_attributes = $this->createAttributes($new_attributes, $attribute['name'], $attribute['value']); 
          } 
        } 
      } 
      $replacement = ($new_attributes) ? "<$node_name $new_attributes>" : "<$node_name>"; 
      $this->_str = preg_replace('/'.$this->protect($node['literal']).'/', $replacement, $this->_str); 
    } 
  } 
 
  /** 判斷是否特例 
  * @param String $element_name  元素名 
  * @param String $attribute_name 屬性名 
  * @param Array $exceptions   允許的特例 
  * @return boolean 
  */ 
  private function isException($element_name, $attribute_name, $exceptions){ 
    if(array_key_exists($element_name, $this->_exception)){ 
      if(in_array($attribute_name, $this->_exception[$element_name])){ 
        return true; 
      } 
    } 
    return false; 
  } 
 
  /** 創(chuàng)建屬性 
  * @param String $new_attributes 
  * @param String $name 
  * @param String $value 
  * @return String 
  */ 
  private function createAttributes($new_attributes, $name, $value){ 
    if($new_attributes){ 
      $new_attributes .= " "; 
    } 
    $new_attributes .= "$name=\"$value\""; 
    return $new_attributes; 
  } 
 
 
  /** 特殊字符轉(zhuǎn)義 
  * @param String $str 源字符串 
  * @return String 
  */ 
  private function protect($str){ 
    $conversions = array( 
      "^" => "\^",  
      "[" => "\[",  
      "." => "\.",  
      "$" => "\$",  
      "{" => "\{",  
      "*" => "\*",  
      "(" => "\(",  
      "\\" => "\\\\",  
      "/" => "\/",  
      "+" => "\+",  
      ")" => "\)",  
      "|" => "\|",  
      "?" => "\?",  
      "<" => "\<",  
      ">" => "\>"  
    ); 
    return strtr($str, $conversions); 
  } 
 
} // class end 
 
?>

<?php 
require('HtmlAttributeFilter.class.php'); 
 
$str = '<div class="bd clearfix" id="index_hilite_ul"><ul class="list"><li><img src="http://su.bdimg.com/static/skin/img/logo_white.png" width="118" height="148"><div class="cover"><a class="text" href="http://www.dhdzp.com"><strong>yuna</strong><p>love</p></a><strong class="t g">want to know</strong><a href="/login.html" class="ppBtn"><strong class="text">YES</strong></a></div></li></ul></div>'; 
 
$obj = new HtmlAttributeFilter(); 
 
// 允許id屬性 
$obj->setAllow(array('id')); 
 
$obj->setException(array( 
  'a' => array('href'),  // a 標簽允許有 href屬性特例 
  'ul' => array('class') // ul 標簽允許有 class屬性特例 
)); 
 
// img 標簽忽略,不過濾任何屬性 
$obj->setIgnore(array('img')); 
 
echo 'source str:<br>'; 
echo htmlspecialchars($str).'<br><br>'; 
echo 'filter str:<br>'; 
echo htmlspecialchars($obj->strip($str)); 
?>