On Friday, June 7, 2002 at 10:23:08 PM, you wrote:

> Hmm... you could always do something like:

> $t = ereg_replace(" < ", " &lt; ", $t);
> $t = ereg_replace(" > ", " &gt; ", $t);

> $nt = strip_tags($t);

> $nt = ereg_replace(" &lt; ", " < ", $nt);
> $nt = ereg_replace(" &gt; ", " > ", $nt);

> maybe?

That depends on what you're attempting to do. It would leave the following
SCRIPT section intact...

 < SCRIPT language="javascript" >
   // do something nasty here
 < /SCRIPT>

I don't know what others use strip_tags for, but I've only ever used it to
remove script/html tags from forum posts. Using your code would create a massive
security hole.

-- 
Stuart


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
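
Added example, not part of the original message: the quoted protect/strip/restore sequence run on a space-padded SCRIPT block like the one in the reply, next to encoding the text for HTML output instead. It assumes str_replace as a stand-in for ereg_replace (removed in PHP 7; the patterns are fixed strings); the function names and sample strings are constructed for illustration.

```php
<?php
// Added illustration; function names and sample inputs are constructed.

// The quoted sequence: hide " < " and " > ", strip tags, then restore them.
// str_replace stands in for ereg_replace, which no longer exists in PHP 7+.
function roundtrip_strip(string $t): string
{
    $t  = str_replace([' < ', ' > '], [' &lt; ', ' &gt; '], $t);
    $nt = strip_tags($t);
    return str_replace([' &lt; ', ' &gt; '], [' < ', ' > '], $nt);
}

// Alternative for forum posts: keep the text, but encode every HTML
// metacharacter so nothing in it can be read as markup when displayed.
function encode_for_html(string $t): string
{
    return htmlspecialchars($t, ENT_QUOTES, 'UTF-8');
}

// Check usable in a test suite: does the result still carry raw brackets?
function has_raw_brackets(string $s): bool
{
    return strpbrk($s, '<>') !== false;
}

$samples = [
    // Space-padded block modelled on the one in the reply (constructed).
    'space-padded script' =>
        ' < SCRIPT language="javascript" > // do something nasty here < /SCRIPT > ',
    'ordinary tag'        => '<b>bold</b> text',
    'comparison in prose' => 'post if a < b and c > d',
];

foreach ($samples as $label => $in) {
    $stripped = roundtrip_strip($in);
    $encoded  = encode_for_html($in);
    printf(
        "%s\n  round-trip: %s (raw brackets: %s)\n  encoded:    %s (raw brackets: %s)\n",
        $label,
        $stripped,
        has_raw_brackets($stripped) ? 'yes' : 'no',
        $encoded,
        has_raw_brackets($encoded) ? 'yes' : 'no'
    );
}
```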
