| Re: strip_tags function [message #178742 is a reply to message #178738] |
Fri, 27 July 2012 09:52   |
Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma:
|
Senior Member |
|
|
Tim Fardell wrote:
> On Thu, 26 Jul 2012 18:18:44 +0100, Tim Fardell
> <tim(dot)fardell(dot)all-your-clothes(at)virgin(dot)net> wrote:
>> However, am I right in thinking that the strip_tags() function simply
>> assumes that any less-than character (<) occurring within a string is the
>> beginning of a tag?
>>
>> I hope I'm wrong, because that would be completely crap and useless :-)
>
> […]
> I think I am correct that strip_tags assumes any '<' character to be the
> beginning of a tag -
No, you are not. The function, at least as of PHP 5.3.10, is context-
sensitive:
$ php -r "echo strip_tags('<a title=\'<\'>foo</a>');"
foo
> ut this doesn't actually matter, since the input string should be HTML
> encoded anyway, so all '<' characters should be escaped as '<' - so all
> actual '<' characters will indeed be tags :-)
You are not making sense. The *input* data should *never* be "HTML
encoded".
PointedEars
--
Use any version of Microsoft Frontpage to create your site.
(This won't prevent people from viewing your source, but no one
will want to steal it.)
-- from <http://www.vortex-webdesign.com/help/hidesource.htm> (404-comp.)
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]