How would I go about removing script tags, and everything inside them using PHP?
The strip_tags() function strips HTML, XML, and PHP tags from a string. Note: HTML comments are always stripped. This cannot be changed with the allow parameter. Note: This function is binary-safe.
How to remove script tags from string in php?
// $html holds the markup to clean
$dom = new DOMDocument();
$dom->loadHTML($html);
$script = $dom->getElementsByTagName('script');
// Collect the nodes first: removing from the live node list while iterating skips elements
$remove = [];
foreach ($script as $item) {
    $remove[] = $item;
}
foreach ($remove as $item) {
    $item->parentNode->removeChild($item);
}
$html = $dom->saveHTML();
We put the script elements at the end of the body, after all of the page's contents. This means the entire page will display as soon as it's available, and then the scripts will download to make things work.
Yes, we can write any number of tags inside tag.
As David says, filtering only script tags is not enough if you're looking to sanitize incoming data. HTML Purifier promises to do the full package:
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.
Go with HTML Purifier as Pekka suggested.
Never go with regex for that case.
Here is an example that breaks regex filters and works in browsers (tested on Firefox):
<script script=">>><script></script><script>//" >
/**/
alert(1);
</script
>
I use this:
// Elements whose tags and contents are removed before the text is extracted
$tag_para_remover_codigo_fonte_url_dentro_buscador = array("head","script","style","object","embed","applet","noscript","noframes","noembed");
for ($i=0;$i<count($tag_para_remover_codigo_fonte_url_dentro_buscador);$i++) {
    // i: case-insensitive; s: let . match newlines so multi-line blocks are removed too
    $codigo_fonte_url_dentro_buscador = preg_replace("/< *" . $tag_para_remover_codigo_fonte_url_dentro_buscador[$i] . "[^>]*>(.*?)<\/" . $tag_para_remover_codigo_fonte_url_dentro_buscador[$i] . " *>/is"," ",$codigo_fonte_url_dentro_buscador);
}
// Strip the remaining tags, then decode entities to get plain text
$codigo_fonte_url_dentro_buscador = html_entity_decode(strip_tags($codigo_fonte_url_dentro_buscador));
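As an added example (not code from any of the answers), the snippet below runs the payload quoted above through a regex of the same shape as the one in the last answer and through the DOMDocument approach, and prints whether the script body is still in the output. The function names and the surrounding `<p>` markup are constructed for the test.

```php
<?php
declare(strict_types=1);

// Constructed input: the payload from the answer above between two paragraphs.
$dirty = <<<'HTML'
<p>before</p>
<script script=">>><script></script><script>//" >
/**/
alert(1);
</script
>
<p>after</p>
HTML;

// Pattern-based filter (hypothetical helper) with the same shape as the regex
// in the last answer. "[^>]*" ends at the first ">" inside the quoted attribute
// value, and " *>" does not accept the newline in "</script\n>".
function strip_scripts_regex(string $html): string
{
    return (string) preg_replace('/< *script[^>]*>(.*?)<\/script *>/is', ' ', $html);
}

// Parser-based removal (hypothetical helper) following the DOMDocument answer.
function strip_scripts_dom(string $html): string
{
    $previous = libxml_use_internal_errors(true); // untrusted markup is rarely valid
    $dom = new DOMDocument();
    $dom->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    // Copy the live node list first; removing nodes while iterating it skips elements.
    foreach (iterator_to_array($dom->getElementsByTagName('script')) as $node) {
        $node->parentNode->removeChild($node);
    }
    return (string) $dom->saveHTML();
}

// Report whether the script body is still present after each filter.
foreach (['regex' => 'strip_scripts_regex', 'dom' => 'strip_scripts_dom'] as $name => $filter) {
    $out = $filter($dirty);
    $state = stripos($out, 'alert(1)') !== false ? 'still present' : 'removed';
    printf("%-5s: script body %s\n", $name, $state);
}
```

Neither function is a sanitizer: as the answers say, removing script elements alone is not enough for untrusted input, which is the job HTML Purifier is recommended for.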