preg_replace script, link tag not working

Question

I used the following code to remove script, link tags from my string,

$contents='<script>inside tag</script>hfgkdhgjh<script>inside 2</script>';
$ss=preg_replace('#<script(.*?)>(.*?)</script>#is', '', $contents);
echo htmlspecialchars($ss);

it works fine. But can I use anything that similar to html parsing rather than preg_match for this?

Have you made sure you're getting something back from your call? — jprofitt, Mar 31 '12 at 04:46
strip_tags might help http://www.php.net/manual/en/function.strip-tags.php ... look at user contributed scripts at the bottom of the page — gpasci, Mar 31 '12 at 04:57
@jpofit: yes, it returns the site contents, after stripping the contents and tags. — joHN, Mar 31 '12 at 05:58

score 2 · Accepted Answer · answered Mar 31 '12 at 05:10

Here are few things you can do

htmlspecialchars() can prove those tags useless
striptags() removes all HTML tags

But the technique you are using is the correct one. However here is a improved version for that

echo preg_replace('/<script\b[^>]*>(.*?)<\/script>/is', "", $contents);

score 0 · Answer 2 · edited May 23 '17 at 12:11

0

HTML Purifier is always a good choice. phpQuery has also come in handy a few times.

If you are sanitizing content, it's very easy to make mistakes with regular expressions... read this post. It just depends what you're trying to achieve.

edited May 23 '17 at 12:11

Community

1
1

answered Mar 31 '12 at 05:06

jmlnik

2,867
2
17
20

preg_replace script, link tag not working

2 Answers2