尝试删除HTML中的脚本标签

Question

I am trying to remove script tags from HTML using PHP but it doesn't work if there's HTML inside the javascript.

For example, if the script tags contain something like this:

function tip(content) {
        $('<div id="tip">' + content + '</div>').css

It will stop at </div> and the rest of the script will still be taken into account.

This is what I have been using to remove the script tags:

foreach ($doc->getElementsByTagName('script') as $node)
{
    $node->parentNode->removeChild($node);
}

Answer 1

How about some regex-based pre-processing?

Example input.html :

<html>
  <head>
    <title>My example</title>
  </head>
  <body>
    <h1>Test</h1>
    <div id="foo">&nbsp;</div>
    <script type="text/javascript">
      document.getElementById('foo').innerHTML = '<span style="color:red;">Hello World!</span>';
    </script>
  </body>
</html>

Script tag removing php script:

<?php

    // unformatted source output:
    header("Content-Type: text/plain");

    // read the example input file given above into a string:
    $input = file_get_contents('input.html');

    echo "Before:\r\n";
    echo $input;
    echo "\r\n\r\n-----------------------\r\n\r\n";

    // replace script tags including their contents by ""
    $output = preg_replace("~<script[^<>]*>.*</script>~Uis", "", $input);

    echo "After:\r\n";
    echo $output;
    echo "\r\n\r\n-----------------------\r\n\r\n";

?>

Answer 2

You can use strip_tags function. In which you can allow the HTML attributes which you want allowed.

Answer 3

I think this is 'here and now' problem, and you need no something special. Just do something like this:

$text = file_get_content('index.html');
while(mb_strpos($text, '<script') != false) {
$startPosition = mb_strpos($text, '<script');
$endPosition = mb_strpos($text, '</script>');
$text = mb_substr($text, 0, $startPosition).mb_substr($text, $endPosition + 7, mb_strlen($text));
}
echo $text;

Only set encoding for 'mb_' like functions