[PHP-DEV] Bug #10362 Updated: strip_tags() strips round brackets inside allowed html tags

elixer Sat, 28 Apr 2001 15:54:01 -0700

ID: 10362
Updated by: elixer
Reported By: [EMAIL PROTECTED]
Old-Status: Open
Status: Closed
Bug Type: Unknown/Other Function
PHP Version: 4.0.4pl1
Assigned To: 
Comments:

Fixed in CVS.  It will be part of PHP4.0.6 when it is released.

Previous Comments:
---------------------------------------------------------------------------

[2001-04-17 12:02:44] [EMAIL PROTECTED]
When using strip_tags() with the optional conversion 
param, it still strips round brackets "()" from the input 
string.
Example:
<?php
$allowed = "<a>";
$tag = "<a href="$PHP_SELF" "; 
$tag .= "onClick="alert('Hello')">click</a>";
printf("%s", strip_tags($tag, $allowed));
?>
results in
<a href="whatever.php" onCLick="alert'Hello'">click</a>
missing brackets---------------------^-----^

and leaves the <a> Tag unuseable.


---------------------------------------------------------------------------



ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=10362&edit=2


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP-DEV] Bug #10362 Updated: strip_tags() strips round brackets inside allowed html tags

Reply via email to