On 25.06.2018 at 08:12, Stanislav Malyshev wrote: >> fgetss() function and string.strip_tags filter > > I think I disagree with "strip_tags() itself, due to its limitations and > known bugs, already has very few legitimate applications" and certainly > the manual does not have any notice to that effect. I am not sure what > is the reason to remove this functionality, would like to hear more > about it - and it doesn't seem so minor as to be 1/4 of the RFC. If I > had to vote today, I'd probably vote no just on this point. > It may be true that strip_tags() alone without streaming part could be > implemented easier. However, that is not a reason to drop functionality > by itself, unless it's already completely broken. If it is, I'd like to > hear more about it.
There are multiple bug reports regarding strip_tags()'s broken behavior on (slightly) malformed HTML, e.g. <https://bugs.php.net/63212>, <https://bugs.php.net/64430> and <https://bugs.php.net/74371>, which renders the function unusable on arbitrary user supplied input. -- Christoph M. Becker -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php