[PHP-DEV] Bug #10362: strip_tags() strips round brackets inside allowed html tags

jo Tue, 17 Apr 2001 08:44:30 -0700

From:             [EMAIL PROTECTED]
Operating system: Linux 2.4.3
PHP version:      4.0.4pl1
PHP Bug Type:     Unknown/Other Function
Bug description:  strip_tags() strips round brackets inside allowed html tags

When using strip_tags() with the optional conversion 
param, it still strips round brackets "()" from the input 
string.
Example:
<?php
$allowed = "<a>";
$tag = "<a href=\"$PHP_SELF\" "; 
$tag .= "onClick=\"alert('Hello')\">click</a>";
printf("%s", strip_tags($tag, $allowed));
?>
results in
<a href="whatever.php" onCLick="alert'Hello'">click</a>
missing brackets---------------------^-----^

and leaves the <a> Tag unuseable.



-- 
Edit Bug report at: http://bugs.php.net/?id=10362&edit=1



-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP-DEV] Bug #10362: strip_tags() strips round brackets inside allowed html tags

Reply via email to