Security Question
Hi,
I wondered if you could give me your input on a potential security issue I’ve come across?
I have been looking to preserve html markup in post excerpts and came across this code:
```php
<?php
// Replacement for wp_trim_excerpt(): build the excerpt from the full post
// content and keep <a> tags instead of stripping all markup.
function keep_my_links( $text ) {
    global $post;
    if ( '' == $text ) {
        $text = get_the_content( '' );
        $text = apply_filters( 'the_content', $text );
        // Escape a CDATA terminator, as wp_trim_excerpt() does.
        $text = str_replace( ']]>', ']]&gt;', $text );
        // Drop <script> blocks, then strip every tag except <a>.
        $text = preg_replace( '@<script[^>]*?>.*?</script>@si', '', $text );
        $text = strip_tags( $text, '<a>' );
    }
    return $text;
}

remove_filter( 'get_the_excerpt', 'wp_trim_excerpt' );
add_filter( 'get_the_excerpt', 'keep_my_links' );
```
This is the line which prevents links from being deleted in excerpts:

`$text = strip_tags($text, '</a><a>');`

However, I’ve read that this can lead to security issues, such as:
——-
A word of caution. strip_tags() can actually be used for input validation as long as you remove ANY tag. As soon as you accept a single tag (2nd parameter), you are opening up a security hole such as this: `<acceptedTag onLoad="javascript:malicious()" />`
——-

Do you think this is a problem, and does Ninja Firewall interact with this issue in any way?
https://ww.wp.xz.cn/plugins/ninjafirewall/
[moderated to put backtick tags around code]
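Added example, not code from the post above, from WordPress core or from the NinjaFirewall plugin: it shows why `strip_tags()` with a tag allow-list is not a filter for untrusted markup (it removes tag names only and never inspects attributes, so a `javascript:` href or an `onmouseover` handler on the kept `<a>` survives), and two hardened forms: a plain-PHP sanitiser built on `DOMDocument` with an element, attribute and URL-scheme allow-list, and the same idea inside WordPress using `wp_kses()`. The sample post content, and the names `keep_only_safe_links`, `render_safe_node` and `keep_my_links_safe`, are constructed for this example.

```php
<?php
// Added example: not code from the original post, from WordPress core or from
// the NinjaFirewall plugin. Function names and the sample content are
// constructed for this demonstration.

// Constructed untrusted post content. strip_tags() only removes tag names; it
// never inspects attributes, so everything on a kept <a> survives.
$untrusted = '<p>Read <a href="https://example.com/" title="ok">this</a> and '
    . '<a href="javascript:alert(1)" onmouseover="alert(2)">this</a>.</p>'
    . '<script>alert(3)</script><img src="x" onerror="alert(4)">';

// 1. What the snippet in the question does. The second <a> is kept verbatim,
//    including its javascript: href and its onmouseover handler; only the tag
//    names of <p>, <script> and <img> are removed (the text inside <script>
//    is left behind as plain text).
$via_strip_tags = strip_tags($untrusted, '<a>');

// 2. Hardened plain-PHP variant: parse with a real HTML parser and rebuild the
//    fragment from an allow-list of elements (<a> only), attributes (href,
//    title) and URL schemes (http, https, mailto). Every other element is
//    reduced to its text content; <script>/<style> bodies are dropped.
function keep_only_safe_links(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);            // tolerate sloppy markup quietly
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
    libxml_clear_errors();

    $out  = '';
    $body = $doc->getElementsByTagName('body')->item(0);
    foreach ($body->childNodes as $child) {
        $out .= render_safe_node($child);
    }
    return $out;
}

function render_safe_node(DOMNode $node): string
{
    if ($node instanceof DOMText) {
        // Re-escape text so decoded entities cannot turn back into markup.
        return htmlspecialchars($node->nodeValue, ENT_QUOTES, 'UTF-8');
    }
    if (!$node instanceof DOMElement) {
        return '';                               // comments, processing instructions
    }
    $tag = strtolower($node->tagName);
    if ($tag === 'script' || $tag === 'style') {
        return '';                               // never keep script/style bodies
    }
    $inner = '';
    foreach ($node->childNodes as $child) {
        $inner .= render_safe_node($child);
    }
    if ($tag !== 'a') {
        return $inner;                           // unwrap every other element
    }
    // Scheme allow-list on the decoded attribute value. A deny-list
    // ("no javascript:") misses "java&#09;script:"-style encodings; an
    // allow-list does not. Relative URLs are rejected too; extend if needed.
    $href = trim($node->getAttribute('href'));
    if (!preg_match('#\A(?:https?:|mailto:)#i', $href)) {
        return $inner;                           // keep the link text, drop the link
    }
    $attrs = ' href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '"';
    if ($node->hasAttribute('title')) {
        $attrs .= ' title="' . htmlspecialchars($node->getAttribute('title'), ENT_QUOTES, 'UTF-8') . '"';
    }
    return '<a' . $attrs . ' rel="nofollow">' . $inner . '</a>';
}

$safe = keep_only_safe_links($untrusted);

// 3. The same idea inside WordPress: wp_kses() takes an allow-list of elements
//    and attributes and also filters URL schemes (javascript: is not among
//    wp_allowed_protocols()). Guarded so this file also runs outside WordPress.
if (function_exists('add_filter')) {
    function keep_my_links_safe($text)
    {
        if ('' === $text) {
            $text = get_the_content('');
            $text = apply_filters('the_content', $text);
            $text = str_replace(']]>', ']]&gt;', $text);
            $text = wp_kses($text, array(
                'a' => array('href' => true, 'title' => true, 'rel' => true),
            ));
        }
        return $text;
    }
    remove_filter('get_the_excerpt', 'wp_trim_excerpt');
    add_filter('get_the_excerpt', 'keep_my_links_safe');
}

echo "strip_tags kept the onmouseover handler: ",
    (strpos($via_strip_tags, 'onmouseover') !== false ? 'yes' : 'no'), "\n";
echo "DOM allow-list kept the onmouseover handler: ",
    (strpos($safe, 'onmouseover') !== false ? 'yes' : 'no'), "\n";
echo $safe, "\n";
```

Run it with `php example.php` to compare the two outputs. Whether the original snippet is exploitable on a given site depends on who can write post content: WordPress already runs content saved by users without the `unfiltered_html` capability through kses on save, so the excerpt filter mostly matters for content from trusted roles, imports, or other plugins; in every case the fix is the same, an allow-list of attributes and URL schemes rather than of tag names alone.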
The topic ‘Security Question’ is closed to new replies.