It sure would :)  But if you're going to have HTML such as:

< valid_tag > blah blah < this isn't a tag > < /valid_tag >

then you've got problems no matter what you do :)

On Fri, 7 Jun 2002, Stuart Dallas wrote:

> On Friday, June 7, 2002 at 10:23:08 PM, you wrote:
>
> > Hmm... you could always do something like:
>
> > $t = ereg_replace(" < ", " &lt; ", $t);
> > $t = ereg_replace(" > ", " &gt; ", $t);
>
> > $nt = strip_tags($t);
>
> > $nt = ereg_replace(" &lt; ", " < ", $nt);
> > $nt = ereg_replace(" &gt; ", " > ", $nt);
>
> > maybe?
>
> That depends on what you're attempting to do. It would leave the following
> SCRIPT section intact...
>
>  < SCRIPT language="javascript" >
>    // do something nasty here
>  < /SCRIPT>
>
> I don't know what others use strip_tags for, but I've only ever used it to
> remove script/html tags from forum posts. Using your code would create a massive
> security hole.
>
> --
> Stuart
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
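An added example, not part of the original thread: it runs the quoted workaround next to escaping on output, to show which one lets the spaced-out SCRIPT markup from Stuart's reply through. The function names and sample strings are constructed for illustration, `str_replace()` stands in for `ereg_replace()` (removed in PHP 7), and `htmlspecialchars()` is a substituted technique that nobody in the thread proposed.

```php
<?php
// Added example: names and sample inputs are hypothetical, not from the thread.

// The quoted workaround: hide space-delimited brackets from strip_tags(),
// then put them back. Anything between " < " and " > " is never examined.
function strip_tags_keep_spaced_brackets(string $t): string
{
    $t  = str_replace(' < ', ' &lt; ', $t);
    $t  = str_replace(' > ', ' &gt; ', $t);
    $nt = strip_tags($t);
    $nt = str_replace(' &lt; ', ' < ', $nt);
    return str_replace(' &gt; ', ' > ', $nt);
}

// Alternative: keep the text as typed and encode it when writing it into HTML.
// A literal "<" is displayed as a character and never becomes markup.
function escape_for_html(string $t): string
{
    return htmlspecialchars($t, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True if any raw "<" followed by optional spaces and "script" is in the output.
function has_raw_script_markup(string $out): bool
{
    return preg_match('/<\s*\/?\s*script/i', $out) === 1;
}

// Constructed sample inputs, modelled on the strings in the thread.
$samples = [
    'literal bracket' => "blah blah < this isn't a tag > more text",
    'spaced script'   => 'hi < SCRIPT language="javascript" > // do something nasty here < /SCRIPT>',
    'ordinary tags'   => '<b>bold</b> <script>x()</script>',
];

foreach ($samples as $label => $input) {
    $a = strip_tags_keep_spaced_brackets($input);
    $b = escape_for_html($input);
    printf("%s\n  workaround: %s\n    raw script markup left: %s\n  escaped:    %s\n    raw script markup left: %s\n",
        $label,
        $a, has_raw_script_markup($a) ? 'yes' : 'no',
        $b, has_raw_script_markup($b) ? 'yes' : 'no');
}
```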
