Strip <script> tags and everything in between with PHP?
How would I go about removing script tags, and e开发者_如何学编程verything inside them using PHP?
As David says, filtering only script tags is not enough if you're looking to sanitize incoming data. HTML Purifier promises to do the full package:
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.
Go with HTML Purifier as Pekka suggested.
Never go with regex for that case
Here is a example, regexes filters broken, works on browsers (tested on firefox)
<script script=">>><script></script><script>//" >
/**/
alert(1);
</script
>
I use this:
$tag_para_remover_codigo_fonte_url_dentro_buscador = array("head","script","style","object","embed","applet","noscript","noframes","noembed");
for ($i=0;$i<count($tag_para_remover_codigo_fonte_url_dentro_buscador);$i++) {
$codigo_fonte_url_dentro_buscador = preg_replace("/< *" . $tag_para_remover_codigo_fonte_url_dentro_buscador[$i] . "[^>]*>(.*?)<\/" . $tag_para_remover_codigo_fonte_url_dentro_buscador[$i] . " *>/i"," ",$codigo_fonte_url_dentro_buscador);
}
$codigo_fonte_url_dentro_buscador = html_entity_decode(strip_tags($codigo_fonte_url_dentro_buscador));
You can do that with the function strip_tags
http://www.php.net/strip_tags
<?php
$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';
echo strip_tags($text);
// Allow <p> and <a>
echo strip_tags($text, '<p><a>');
?>
精彩评论