I was using the php strip_tags() function to remove html tags from my text area input and to remove < script > tags to help guard against scripting attacks.
Anyway, often times the user is going to need to input XML tags that are not known in advance. However, my strip_tags function is removing these benign xml tags as well, which is not acceptable.
Also, I'll sometimes put filename.< date>.png (had to add a space there because StackOverflow removed it as well lol) to indicate variable parts of a file name or path. In this case what I end up with is filename..png after strip_tags is run.
Any help would be greatly appreciated.
It is not possible to make strip_tags
not remove unknown tags. You may want to look at DOMDocument for a viable alternative.
strip_tags()
is defined as removing all HTML/XML tags (other than the individual tags specified in the second argument). There is no distinction between the two types of tags, nor between that and <date>
used as a placeholder -- all three look like tags to strip_tags()
, so it removes them.
$s = preg_replace("/<\?xml(.*?)\?>/i", "<xmlDeclaration$1>", $s); $s = strip_tags($s, '<xmlDeclaration><' . implode('><', $allowedTags) . '>'); $s = preg_replace("/<xmlDeclaration(.*?)>/i", "<?xml$1?>", $s);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.