[PHP] Second opinion needed - javascript blocker

2002-04-22 Thread Leif K-Brooks

I am trying to block javascript from areas of my site that users can change.
I am going to use the following code. Can someone give me a second opinion
on whether it will work?

function stopjavascript($text){
    //Stop people from using &whatever; tags, in case they can smuggle
    //javascript in with that
    $text = str_replace("&","&amp;",$text);
    //Stop the onmouseover, etc. parameters
    $text = eregi_replace("on","o-n",$text);
    //Stop script tags, as well as links to javascript:
    $text = eregi_replace("script","sc-ript",$text);
    //Return the edited string
    return $text;
}


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Second opinion needed - javascript blocker

2002-04-22 Thread Red Wingate

Maybe u should just strip all the javascript tags out
of the user-input (output page) with a script like this:

$text = eregi_replace("< *script[^>]*>([^<]*)<[^>]*>","\\1",$text);

this should strip all the script-tags out of the text, but
will keep the text between the tags.

(the code was NOT tested :))

HF
red
-Original Message-
From: Leif K-Brooks [mailto:[EMAIL PROTECTED]]
Sent: Monday, 22 April 2002 9:18 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Second opinion needed - javascript blocker

I am trying to block javascript from areas of my site that users can change.
I am going to use the following code. Can someone give me a second opinion
on whether it will work?

function stopjavascript($text){
    //Stop people from using &whatever; tags, in case they can smuggle
    //javascript in with that
    $text = str_replace("&","&amp;",$text);
    //Stop the onmouseover, etc. parameters
    $text = eregi_replace("on","o-n",$text);
    //Stop script tags, as well as links to javascript:
    $text = eregi_replace("script","sc-ript",$text);
    //Return the edited string
    return $text;
}


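
As an added example (not code from either poster): the posted blacklist side by side with output encoding via htmlspecialchars() and a scheme allowlist for user-supplied links. str_ireplace() stands in for eregi_replace(), which was removed in PHP 7; escape_html(), safe_href() and all sample strings are names and inputs constructed for this illustration.

```php
<?php
// Added example, not code from the thread.

// The posted blacklist, with str_ireplace() standing in for the removed
// eregi_replace() (same case-insensitive literal replacement).
function stopjavascript_as_posted(string $text): string {
    $text = str_replace('&', '&amp;', $text);
    $text = str_ireplace('on', 'o-n', $text);
    $text = str_ireplace('script', 'sc-ript', $text);
    return $text; // note: '<', '>' and quotes pass through unchanged
}

// Output encoding for HTML element content and quoted attribute values.
function escape_html(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allowlist for user-supplied link targets: only absolute http(s) URLs.
// Returns the escaped URL, or null when the scheme is not allowed.
function safe_href(string $url): ?string {
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return escape_html($url);
}

// Constructed sample inputs: ordinary prose and text containing markup characters.
$samples = [
    'Contact me on Monday about the script description.',
    'Tom & Jerry <b>fans</b> say "hi"',
];
foreach ($samples as $s) {
    echo "input:     $s\n";
    echo "blacklist: ", stopjavascript_as_posted($s), "\n";
    echo "escaped:   ", escape_html($s), "\n\n";
}

// Constructed link targets: one allowed, two rejected by the allowlist.
$links = ['https://www.php.net/manual/', 'JavaScript:void(0)', '/relative/path'];
foreach ($links as $l) {
    $href = safe_href($l);
    echo str_pad($l, 30), ' => ', $href === null ? 'rejected' : "<a href=\"$href\">link</a>", "\n";
}
```

The blacklist rewrites ordinary words such as "Contact" and "description" while leaving markup characters intact; the encoded output keeps the text readable and renders it as text rather than markup.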