javascript - Removing <script> tag - PHP

Question

Welcome To Ask or Share your Answers For Others

javascript - Removing <script> tag - PHP

asked Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

How to change all the occurrence of the <script> <Script> <scRipT> <sCrIpT> and so .. to <script> <Script> with PHP
I also want to remove

The input will be taken from a WYSIWYG Editor, so i can not use the strip_tags function.

Edit 2
Is there any other way a user can execute a javascript with some kind of strange characters to
I found this on internet

<scr<!--*-->ipt>
alert('hi')
</script>

But it did not worked though, is there any such possibilities ?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

358 views

1 Answer

深蓝 · Answer 1 · 2021-10-23T20:03:33+0000

Simply removing <script> tags from untrusted input is not enough to guard against XSS attacks. For example, <a href="#" onmouseover="alert('pwned!');"> – I just put script in your page—without using a <script> tag—and stole your cookies. Oops.

This is a case where you really need to use a well-tested library that actually parses the HTML and removes the stuff you don't want.

Categories

javascript - Removing <script> tag - PHP

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags