 

Strip <script> tags and everything in between with PHP?

Tags:

php

How would I go about removing script tags, and everything inside them, using PHP?

Probocop asked Apr 23 '10 11:04


People also ask

How do I strip HTML tags in PHP?

The strip_tags() function strips a string from HTML, XML, and PHP tags. Note: HTML comments are always stripped. This cannot be changed with the allow parameter. Note: This function is binary-safe.

How can I remove only the script tag in PHP?

Parse the document and remove the <script> elements, including their contents:

    $dom = new DOMDocument();
    $dom->loadHTML($html);
    $script = $dom->getElementsByTagName('script');
    // The node list is live, so collect the nodes first and remove them afterwards.
    $remove = [];
    foreach ($script as $item) {
        $remove[] = $item;
    }
    foreach ($remove as $item) {
        $item->parentNode->removeChild($item);
    }
    $html = $dom->saveHTML();

Why is it important to put the script tag at the end and not in the start?

We put the script elements at the end of the body, after all of the page's contents. This means the entire page will display as soon as it's available, and then the scripts will download to make things work.

Can you put more than one script tag inside the body tag?

Yes, we can write any number of <script> tags inside the <body> tag.


3 Answers

As David says, filtering only script tags is not enough if you're looking to sanitize incoming data. HTML Purifier promises to do the full package:

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.

Pekka answered Oct 13 '22 00:10


Go with HTML Purifier as Pekka suggested.

Never go with regex for that case.

Here is an example: regex filters break on it, but it works in browsers (tested on Firefox).

<script script=">>><script></script><script>//"  >
/**/
alert(1);
</script
>
YOU answered Oct 12 '22 22:10


I use this:

$tag_para_remover_codigo_fonte_url_dentro_buscador = array("head","script","style","object","embed","applet","noscript","noframes","noembed");

// $codigo_fonte_url_dentro_buscador holds the page source being cleaned.
// For each tag, strip the opening tag, everything up to the matching closing tag, and the closing tag.
// The "s" flag lets "." match newlines, so blocks spanning several lines are removed as well.
foreach ($tag_para_remover_codigo_fonte_url_dentro_buscador as $tag) {
    $codigo_fonte_url_dentro_buscador = preg_replace("/< *" . $tag . "[^>]*>(.*?)<\/" . $tag . " *>/is", " ", $codigo_fonte_url_dentro_buscador);
}

// Drop whatever tags remain and decode entities in the leftover text.
$codigo_fonte_url_dentro_buscador = html_entity_decode(strip_tags($codigo_fonte_url_dentro_buscador));
João Miros answered Oct 12 '22 23:10
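As an added example, not code from the question or from any of the answers above, the following PHP script feeds YOU's malformed markup (constructed input, wrapped in two harmless paragraphs) to a regex of the kind the regex answers use, then to the DOMDocument approach quoted under "People also ask", and reports whether `alert(1)` survives each. The function names, the sample input and the choice of the `LIBXML_HTML_NODEFDTD` flag are mine; it assumes PHP 7 or later with the dom extension and ASCII input (libxml2 needs an encoding hint for other text).

```php
<?php
// Added example, not code from the original question or its answers.
// Runs YOU's malformed payload through a regex like the regex answers use,
// then through a DOMDocument-based remover like the one under "People also
// ask", and reports what survives. Needs PHP >= 7.0 with ext-dom.

declare(strict_types=1);

// Constructed input: a paragraph, YOU's payload, another paragraph.
// A browser sees one <script> element here: the '>' characters near the
// start sit inside a quoted attribute value, and "</script\n>" is a valid
// end tag because whitespace is permitted between the tag name and '>'.
const EVASIVE_HTML = "<p>hello</p>\n"
    . "<script script=\">>><script></script><script>//\"  >\n"
    . "/**/\n"
    . "alert(1);\n"
    . "</script\n"
    . ">\n"
    . "<p>world</p>\n";

// Regex approach: remove "<script ...> ... </script>" pairs.
// [^>]* stops at the first '>' even when it is inside a quoted attribute,
// and the closing pattern allows only spaces (not a newline) before '>'.
function stripScriptsWithRegex(string $html): string
{
    $result = preg_replace('/<script\b[^>]*>(.*?)<\/script *>/is', '', $html);
    return $result ?? $html; // preg_replace() returns null on a regex error
}

// DOM approach: let libxml2's HTML parser decide where each element begins
// and ends, remove every <script> element with its children, then serialise
// only the body's children so no <html>/<body> wrapper is added to the output.
function stripScriptsWithDom(string $html): string
{
    $dom = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // collect parser warnings quietly
    $dom->loadHTML($html, LIBXML_HTML_NODEFDTD);   // NODEFDTD: no default doctype
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    // getElementsByTagName() returns a live list; copy it before mutating.
    $scripts = [];
    foreach ($dom->getElementsByTagName('script') as $script) {
        $scripts[] = $script;
    }
    foreach ($scripts as $script) {
        $script->parentNode->removeChild($script);
    }

    $body = $dom->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $dom->saveHTML($child);
    }
    return $out;
}

// Reports whether the payload's script body is still present.
function containsAlert(string $html): bool
{
    return strpos($html, 'alert(1)') !== false;
}

$regexOut = stripScriptsWithRegex(EVASIVE_HTML);
$domOut   = stripScriptsWithDom(EVASIVE_HTML);

echo "--- regex output ---\n", $regexOut, "\n";
echo "regex left alert(1) behind: ", containsAlert($regexOut) ? "yes" : "no", "\n\n";
echo "--- DOM output ---\n", $domOut, "\n";
echo "DOM left alert(1) behind:   ", containsAlert($domOut) ? "yes" : "no", "\n";
```

The regex consumes the decoy `<script script=">>><script></script>` as its first match, but the element that actually runs is closed by `</script\n>`, which the pattern does not recognise, so `alert(1)` stays in the output and a browser renders what is left as a working script. The DOM remover drops the element as a browser delimits it. Removing `<script>` elements is still not sanitisation: `onerror=` handlers, `javascript:` URLs and the other vectors Pekka's answer alludes to remain untouched, which is why a whitelist filter such as HTML Purifier is the right tool for untrusted input.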