[development] Strip_tags and JS
nan wich
nan_wich at bellsouth.net
Thu Jun 10 22:03:09 UTC 2010
Yes, Earl, it would be - if it worked. The problem is that it removes the "script" tag itself, but not the script text. There is an open core issue on this. The same problem applies to "style" as well. I started with filter_xss and a custom list of safe tags.
Nancy E. Wichmann, PMP
Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.
________________________________
From: Earl Miles <merlin at logrus.com>
To: development at drupal.org
Sent: Thu, June 10, 2010 5:58:02 PM
Subject: Re: [development] Strip_tags and JS
On 6/10/2010 12:39 PM, Jamie Holly wrote:
> $text= preg_replace('/<script.*?<\/script>/xmsi', '', $text) should do
> the trick.
$text = strip_tags(filter_xss_admin($text)) is easier.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20100610/36bcc3ff/attachment.html
More information about the development
mailing list