What about:
        1. getting rid of anything between "<script" and </script.*>"
        2. get rid of any attributes that start with " on" and end with a
quotes or space
                Maybe I'm forgetting about some valid attributes that start
with "on", you might have to cater for them

Does this work?


-----Original Message-----
From: Leif K-Brooks [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 6:49 AM
Subject: Re: AW: [PHP] Re: Second opinion needed - javascript blocker

Thynks, but I don't want to block html, I want to block javascript!  And
since onmouseover and similar events can be put in any tag, I'm trying to
block them.
on 4/22/02 4:44 PM, J Smith at [EMAIL PROTECTED] wrote:

Then I'd suggest using the strip_tags() function and define which tags you'd
like to leave untouched.


Red Wingate wrote:

> He might want to use this function but doing so no links or bold underline
> Tags will be destroyed as well.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to