标签列表应该在哪里定义?在应用程序的控制器?

你可以这样做.如果您可能会在应用程序的其他地方重用该列表，您可能需要考虑使用 Zend_Registry.

数组是否必须包含 <> ... ?

只是'h1'.例如:

$allowedTags = array('一个'，'b','他们'，'强的');

数组是否必须包含结束标记...?

没有

一个例子将不胜感激.

当然:

//只允许 、、;和<strong>标签$allowedTags = array('a','b','em','strong');//只允许在上面的标签中使用 href 属性//(无论如何应该只在<a>标签内)$allowedAttributes = array('href');//创建一个 Zend_Filter_StripTags 实例来使用$stripTags = new Zend_Filter_StripTags($allowedTags,$allowedAttributes);//现在过滤字符串$sanitizedInput = $stripTags->filter($userInput);

这是否回答了您的问题?

I have some very fundamental questions about the use of the setTagsAllowed and getTagsAllowed methods used with Zend Framework's Zend_Filter_StripTags? Specifically:

1. Where should the list of tags defined? In the application's controller?
2. Does the array have to include the <> eg '<h1>' or just 'h1'?
3. Does the array have to include the closing tags eg '</h1>'?

An example would be appreciated.

Where should the list of tags defined? In the application's controller?

You could do that. If you're likely to reuse the list elsewhere in your application, you might want to consider using Zend_Registry.

Does the array have to include the <> ... ?

Just 'h1'. For example:

$allowedTags = array(
'a',
'b',
'em',
'strong'
);

Does the array have to include the closing tags ... ?

No.

An example would be appreciated.

Sure:

// permit only the <a>, <b>, <em> and <strong> tags
$allowedTags = array('a','b','em','strong');

// allow only the href attribute to be used in the above tags 
// (which should only be within the <a> tag anyway)
$allowedAttributes = array('href');

// create an instance of Zend_Filter_StripTags to use
$stripTags = new Zend_Filter_StripTags($allowedTags,$allowedAttributes);

// now filter the string
$sanitizedInput = $stripTags->filter($userInput);

Does this answer your question?