[development] Strip_tags and JS

nan wich nan_wich at bellsouth.net
Thu Jun 10 22:03:09 UTC 2010

Yes, Earl, it would be - if it worked. The problem is that it removes the "script" tag itself, but not the script text. There is an open core issue on this. The same problem applies to "style" as well. I started with filter_xss and a custom list of safe tags.
Nancy E. Wichmann, PMP
Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.

From: Earl Miles <merlin at logrus.com>
To: development at drupal.org
Sent: Thu, June 10, 2010 5:58:02 PM
Subject: Re: [development] Strip_tags and JS

On 6/10/2010 12:39 PM, Jamie Holly wrote:
> $text= preg_replace('/<script.*?<\/script>/xmsi', '', $text) should do
> the trick.

$text = strip_tags(filter_xss_admin($text)) is easier.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20100610/36bcc3ff/attachment.html 

More information about the development mailing list