From:             [EMAIL PROTECTED]
Operating system: Linux 2.4.3
PHP version:      4.0.4pl1
PHP Bug Type:     Unknown/Other Function
Bug description:  strip_tags() strips round brackets inside allowed html tags

When using strip_tags() with the optional conversion 
param, it still strips round brackets "()" from the input 
$allowed = "<a>";
$tag = "<a href=\"$PHP_SELF\" "; 
$tag .= "onClick=\"alert('Hello')\">click</a>";
printf("%s", strip_tags($tag, $allowed));
results in
<a href="whatever.php" onCLick="alert'Hello'">click</a>
missing brackets---------------------^-----^

and leaves the <a> Tag unuseable.

Edit Bug report at:

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to