Edit report at https://bugs.php.net/bug.php?id=62314&edit=1

 ID:                 62314
 User updated by:    FireFart at gmail dot com
 Reported by:        FireFart at gmail dot com
 Summary:            strip_tags - Only one iteration
-Status:             Open
+Status:             Closed
 Type:               Bug
 Package:            *General Issues
 PHP Version:        Irrelevant
 Block user comment: N
 Private report:     N

 New Comment:

wrong

Previous Comments:
------------------------------------------------------------------------
[2012-06-13 15:31:45] FireFart at gmail dot com

Description:
------------
The "strip_tags" function strips tags only in one iteration. So the following string can be used to bypass the strip_tags functionality.
I'm not sure if it's a bug or a documentation issue, because a warning on the docs would also do the job.

Test script:
---------------
<scr<script></script>ipt>alert(document.cookie);</scri<script></script>pt>

------------------------------------------------------------------------

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=62314&edit=1
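
The single-pass failure mode named in the description, shown as an added example that is not part of the original report and does not call or test PHP's strip_tags: `naive_strip_once`, `naive_strip_fixpoint` and `encode_for_html` are hypothetical helpers written for this illustration, run on the report's test string.

```php
<?php
declare(strict_types=1);

// Hypothetical sanitizer, NOT PHP's strip_tags(): deletes anything that looks
// like a complete tag, scanning the input exactly once.
function naive_strip_once(string $s): string
{
    $out = preg_replace('/<\/?[a-zA-Z][^<>]*>/', '', $s);
    if ($out === null) {
        throw new RuntimeException('regex engine error');
    }
    return $out;
}

// Same pattern, repeated until a pass changes nothing (fixed point), so
// fragments that join into a new tag are removed on a later pass.
function naive_strip_fixpoint(string $s, int $maxPasses = 32): string
{
    for ($i = 0; $i < $maxPasses; $i++) {
        $next = naive_strip_once($s);
        if ($next === $s) {
            return $s;
        }
        $s = $next;
    }
    // Did not converge within the pass budget: fail closed.
    throw new RuntimeException('input did not converge');
}

// Encoding at output time neutralises markup no matter what stripping left.
function encode_for_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Test string from the report.
$input = '<scr<script></script>ipt>alert(document.cookie);</scri<script></script>pt>';

printf("one pass   : %s\n", naive_strip_once($input));
printf("fixed point: %s\n", naive_strip_fixpoint($input));
printf("encoded    : %s\n", encode_for_html($input));
```

Comparing the first two output lines shows whether the inner tags, once deleted, let the outer fragments join into a new tag; the third line is the form that is safe to place in an HTML text context regardless of the stripper used.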