Maybe u should just strip all the javascript tags out
Of the user-input (output page) with a script like this:

$text = eregi_replace("< *script[^>]*>([^<]*)<[^>]*>","//1",$test);

this should stip all the script-tags out of the text, but
will keep the text between the tags.

(the code was NOT tested :))

-----Ursprungliche Nachricht-----
Von: Leif K-Brooks [mailto:[EMAIL PROTECTED]]
Gesendet: Montag, 22. April 2002 9:18 PM
Betreff: [PHP] Second opinion needed - javascript blocker

I am trying to block javascript from ares of my site that  users can change.
I am going to use the following code.  Can someone give me a second opinion
on whether it will work?

function stopjavascript($text){
//Stop people from using &whatever;  tags, in case they can smuggle
javascript in with that
$text = str_replace("&","&amp;",$text);
//Stop the onmouseover, etc. parameters
$text = eregi_replace("on","o-n",$text);
//Stop script tags, as well as links to javascript:
$text = eregi_replace("script","sc-ript",$text);
//Return the edited string
return $text;

PHP General Mailing List (
To unsubscribe, visit:

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to