I have some set of possible tags for example "<main>", "<text>", "<tag>". Rest of characters I would like to treat with htmlentities (htmlspecialchars)

<main>
<text>
<tag> <>  X&Y <  <falsetag> <tag attr="123" /> </tag>
</text>
</main>

The result should be

<main>
<text>
<tag> &lt;&gt;  X&amp;Y &lt;  &lt;falsetag&gt; <tag attr="123" /> </tag>
</text>
</main>

What's the best way to do it.

You can run htmlentities on the text then use a regular expression to replace the allowed tags <>

Example...

$str = '<main>
<text>
<tag> <>  X&Y <  <falsetag> <tag attr="123" /> </tag>
</text>
</main>
';

$allowed_tags = array( 'tag', 'text', 'main' );

$escaped_str = htmlentities( $str );

$replace_what = array_map( function($v){ return "~&lt;(/?)$v(.*?)&gt;~"; }, $allowed_tags );
$replace_with = array_map( function($v){ return "<$1$v$2>"; }, $allowed_tags );

echo preg_replace( $replace_what, $replace_with, $escaped_str );

The only solution I see is to load it into an XML parser and then recursively build the output string yourself, but this will take a little work.

Note: A regular expression solution (like what Galen proposed) will not work in all cases because attribute values may contain >.

I have a simple Solution that worked good for me:

$text = htmlentities($text, ENT_QUOTES, "UTF-8");
$text = htmlspecialchars_decode($text);
$text = strip_tags($text, "<p><b><h2>");