开发者

remove specific html tags using php

问答 作者:

Since I dont want to use s开发者_JS百科tip_tags function of php instead of I want to replace <script> and </script> to empty string so that output should be alert(1).

Input:- <script>alert(1)</script>

Output:- alert(1)

how to achieve it.

Either use a simple replace:

$string = str_replace(array("<script>","</script>"), "");

or a RegEx:

$string = preg_replace("/<script.*?>(.*)?<\/script>/im","$1",$string);

Easy way is using StripTags.

go to StripTags github and download or install via composer. this class has a method called only that do this for you!

use Mimrahe\StripTags\Stripper;
$stripper = new Stripper();
$stripper->text('<a href="#">link</a><p>some paragraph</a>');
$stripper->only(['p']);
echo $stripper->strip(); // prints '<a href="#">link</a>some paragraph'

I guess you want to prevet XSS attacks, you shouldn't merely worry about script tags, someone might exploit it like this: <a href="http://anywhere.com" onClick="alert(1);">test</a> (this is a very basic way though).

If you only want the script tag, with no attributes, to be filtered:

str_replace(array('<script>', '</script>'), array('', ''), $str);

You should improve this using Regex; using preg_match'es and preg_replaces (or only preg_replaces) you can match and/or replace the script tag with its attributes. Or even have more protection against XSS.

Edit: or even a regex like /<script>(.+)<\/script>/ then store what between the brackets into a variable then print it.

Try this comrade..

$strn = "<script>alert(1)</script>";
$ptrn = "=^<script>(.*)</script>$=i";

echo preg_match( $ptrn, $strn, $mtchs ); // 0 means fail to matche and 1 means matches was found!
var_dump( $mtchs );

results in 

1array(2) { 
    [0]=> string(25) "" 
    [1]=> string(8) "alert(1)" 
}

You can always use strip_tags() with a second parameter containing the allowable tags.

Alternativly, use...

preg_replace('/<script>(.*)</script>/i', '$1', $input);

Note, not tested.

echo strip_tags($text, '<p><strong><a>');

Just state the ones you dont want removed in the second param

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9