We have a custom-built CMS for one of our clients, and are using strip_tags to prevent them from adding unsafe tags to their templates (i.e. script tags). We take the initial $_POST value and save it as a var, then run strip_tags on the var and compare the two. If there are any changes, an error is thrown.
They recently reported that they are getting the error even when not using any tags outside of our whitelist. I've run through the content they're trying to save, and am not seeing anything that would cause the error to be thrown.
Is there any way to extend strip_tags to return a list of the tags it's stripping?
Basically, this is what we're doing:
$init_input = $_POST['template_data'];
$_POST['template_data'] = strip_tags($_POST['template_data'],
"<p><a><div><sub><sup><ul><li><h1><h2><h3><h4><h5><h6><abbr><strong>
<address><br><hr><table><tr><b><td><tbody><thead><ol><span><i><em>
<data-accordion><data-accordion-group><data-accordion-heading>
<select><accordion><accordion-group><accordion-heading><img>
<style><head><body><html><meta><option><!doctype>");
//Send an email if there are tags being stripped
if($init_input !== $_POST['template_data']){
    Logger::ErrorLog("Unapproved Markup Submitted Within CMS: $init_input");
}
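
One way to list the markup that the comparison above trips on, as an added example that is not part of the original post. The helper name `find_stripped_markup()` and the sample input are assumptions made for illustration. It also reports HTML comments and PHP tags, which `strip_tags` always removes regardless of the whitelist.

```php
<?php
// Added example: approximate report of what strip_tags() removes for a whitelist.
// find_stripped_markup() is a hypothetical helper, not a PHP built-in.

function find_stripped_markup(string $input, string $allowed): array
{
    // Turn the whitelist string "<p><a>..." into a set of lowercase tag names.
    preg_match_all('/<([^<>\s]+)>/', strtolower($allowed), $m);
    $allowedSet = array_flip($m[1]);

    $report = [];
    $alwaysStripped = '/<!--.*?-->|<\?.*?\?>/s';

    // HTML comments and PHP tags are removed by strip_tags() no matter
    // what the whitelist contains (documented behaviour).
    if (preg_match_all($alwaysStripped, $input, $c)) {
        foreach ($c[0] as $hit) {
            $report[] = ['kind' => 'comment-or-php', 'markup' => $hit];
        }
    }

    // Opening and closing tags: capture the name, compare it to the whitelist.
    $rest = preg_replace($alwaysStripped, '', $input);
    preg_match_all('~</?([a-zA-Z][a-zA-Z0-9:-]*)[^>]*>~', $rest, $t, PREG_SET_ORDER);
    foreach ($t as $tag) {
        if (!isset($allowedSet[strtolower($tag[1])])) {
            $report[] = ['kind' => 'tag', 'markup' => $tag[0]];
        }
    }

    // If nothing was identified but strip_tags() still changed the input,
    // report where the two strings first diverge so it can be inspected.
    $stripped = strip_tags($input, $allowed);
    if (!$report && $stripped !== $input) {
        $i = strspn($input ^ $stripped, "\0"); // length of the common prefix
        $report[] = ['kind' => 'unidentified', 'markup' => substr($input, $i, 40)];
    }
    return $report;
}

// Constructed sample input, not taken from the client's templates.
$sample  = '<p>Hello</p><!-- note --><iframe src="x"></iframe><font color="red">x</font>';
$allowed = '<p><a><div>';
foreach (find_stripped_markup($sample, $allowed) as $hit) {
    echo $hit['kind'], ': ', $hit['markup'], PHP_EOL;
}
```

The tag pattern is a simplification of the parser inside `strip_tags`, so the `unidentified` entry is there to catch differences the regex does not explain.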