What about:
1. getting rid of anything between "<script" and </script.*>"
2. get rid of any attributes that start with " on" and end with a
quotes or space
Maybe I'm forgetting about some valid attributes that start
with "on", you might have to cater for them
Does this work?
HTH
Martin
-----Original Message-----
From: Leif K-Brooks [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 6:49 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: AW: [PHP] Re: Second opinion needed - javascript blocker
Thynks, but I don't want to block html, I want to block javascript! And
since onmouseover and similar events can be put in any tag, I'm trying to
block them.
on 4/22/02 4:44 PM, J Smith at [EMAIL PROTECTED] wrote:
Then I'd suggest using the strip_tags() function and define which tags you'd
like to leave untouched.
J
Red Wingate wrote:
> He might want to use this function but doing so no links or bold underline
> Tags will be destroyed as well.
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
