Beispiel #1
 /**
 		Strip HTML tags from a string (or, recursively, from every value
 		of an array) and HTML-encode what is left.

 		Security notes for callers:
 		- Only array VALUES are scrubbed; array keys are returned as given.
 		- Values that are neither strings nor arrays are returned unchanged.
 		- htmlspecialchars() runs after strip_tags(), so tags kept through
 		  $_tags come out entity-encoded rather than as live markup.
 		- ENT_COMPAT encodes double quotes but leaves single quotes as-is,
 		  so the result is not safe inside a single-quoted HTML attribute.
 		- The final FALSE disables double-encoding: entities already present
 		  in the input are passed through untouched.
 		- The encoding targets HTML output only; it is not an escape for
 		  SQL, shell, JavaScript or URL contexts.

 			@return mixed
 			@param $_input string|array value, or array of values, to scrub
 			@param $_tags string pipe-separated tag names to keep, e.g. 'b|i'
 			@public
 	**/
 public static function scrub($_input, $_tags = NULL)
 {
     // Arrays: scrub each value in place, handing the caller's original
     // $_tags down so every level builds its own allow-list.
     if (is_array($_input)) {
         foreach ($_input as $_idx => $_item) {
             $_input[$_idx] = self::scrub($_item, $_tags);
         }
         return $_input;
     }

     // Anything that is not a string passes through unchanged.
     if (!is_string($_input)) {
         return $_input;
     }

     // 'a|b' becomes '<a><b>', the allow-list format strip_tags() expects;
     // a non-string $_tags is handed to strip_tags() as-is.
     $_allowed = $_tags;
     if (is_string($_tags)) {
         $_allowed = '<' . implode('><', explode('|', $_tags)) . '>';
     }

     $_stripped = strip_tags($_input, $_allowed);

     // F3::fixQuotes() is defined outside this block; its effect on quote
     // characters is not visible here -- NOTE(review): confirm before
     // relying on it for attribute-context safety.
     $_normalized = F3::fixQuotes($_stripped);

     return htmlspecialchars($_normalized, ENT_COMPAT, F3::$global['ENCODING'], FALSE);
 }