He might want to use this function but doing so no links or bold underline Tags will be destroyed as well.
-----Ursprungliche Nachricht----- Von: J Smith [mailto:[EMAIL PROTECTED]] Gesendet: Montag, 22. April 2002 10:08 PM An: [EMAIL PROTECTED] Betreff: [PHP] Re: Second opinion needed - javascript blocker Try looking at htmlspecialchars() and htmlentities() instead. They'll convert things like < and > to > and < and ampersands to &. J Leif K-Brooks wrote: > I am trying to block javascript from ares of my site that users can > change. > I am going to use the following code. Can someone give me a second > opinion on whether it will work? > > function stopjavascript($text){ > //Stop people from using &whatever; tags, in case they can smuggle > javascript in with that > $text = str_replace("&","&",$text); > //Stop the onmouseover, etc. parameters > $text = eregi_replace("on","o-n",$text); > //Stop script tags, as well as links to javascript: > $text = eregi_replace("script","sc-ript",$text); > //Return the edited string > return $text; > } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
