Try looking at htmlspecialchars() and htmlentities() instead. They'll 
convert things like < and > to &gt; and &lt; and ampersands to &amp;.


Leif K-Brooks wrote:

> I am trying to block javascript from ares of my site that  users can
> change.
> I am going to use the following code.  Can someone give me a second
> opinion on whether it will work?
> function stopjavascript($text){
> //Stop people from using &whatever;  tags, in case they can smuggle
> javascript in with that
> $text = str_replace("&","&amp;",$text);
> //Stop the onmouseover, etc. parameters
> $text = eregi_replace("on","o-n",$text);
> //Stop script tags, as well as links to javascript:
> $text = eregi_replace("script","sc-ript",$text);
> //Return the edited string
> return $text;
> }

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to