开发者

Strip <script> tags and everything in between with PHP?

How would I go about removing script tags, and e开发者_如何学编程verything inside them using PHP?


As David says, filtering only script tags is not enough if you're looking to sanitize incoming data. HTML Purifier promises to do the full package:

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.


Go with HTML Purifier as Pekka suggested.

Never go with regex for that case

Here is a example, regexes filters broken, works on browsers (tested on firefox)

<script script=">>><script></script><script>//"  >
/**/
alert(1);
</script
>


I use this:

$tag_para_remover_codigo_fonte_url_dentro_buscador = array("head","script","style","object","embed","applet","noscript","noframes","noembed");

for ($i=0;$i<count($tag_para_remover_codigo_fonte_url_dentro_buscador);$i++) {

    $codigo_fonte_url_dentro_buscador = preg_replace("/< *" . $tag_para_remover_codigo_fonte_url_dentro_buscador[$i] . "[^>]*>(.*?)<\/" . $tag_para_remover_codigo_fonte_url_dentro_buscador[$i] . " *>/i"," ",$codigo_fonte_url_dentro_buscador);

}

$codigo_fonte_url_dentro_buscador = html_entity_decode(strip_tags($codigo_fonte_url_dentro_buscador));


You can do that with the function strip_tags

http://www.php.net/strip_tags

<?php
$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';
echo strip_tags($text);

// Allow <p> and <a>
echo strip_tags($text, '<p><a>');
?>
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜