[development] Strip_tags and JS
nan_wich at bellsouth.net
Thu Jun 10 22:03:09 UTC 2010
Yes, Earl, it would be - if it worked. The problem is that it removes the "script" tag itself, but not the script text. There is an open core issue on this. The same problem applies to "style" as well. I started with filter_xss and a custom list of safe tags.
Nancy E. Wichmann, PMP
Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.
From: Earl Miles <merlin at logrus.com>
To: development at drupal.org
Sent: Thu, June 10, 2010 5:58:02 PM
Subject: Re: [development] Strip_tags and JS
On 6/10/2010 12:39 PM, Jamie Holly wrote:
> $text= preg_replace('/<script.*?<\/script>/xmsi', '', $text) should do
> the trick.
$text = strip_tags(filter_xss_admin($text)) is easier.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the development