| Re: strip_tags function [message #178750 is a reply to message #178742] |
Fri, 27 July 2012 17:25   |
Tim Fardell
Messages: 5
Registered: July 2012
Karma:
|
Junior Member |
|
|
On Fri, 27 Jul 2012 11:52:29 +0200, Thomas 'PointedEars' Lahn
<PointedEars(at)web(dot)de> wrote:
> Tim Fardell wrote:
>
>> On Thu, 26 Jul 2012 18:18:44 +0100, Tim Fardell
>> <tim(dot)fardell(dot)all-your-clothes(at)virgin(dot)net> wrote:
>>> However, am I right in thinking that the strip_tags() function simply
>>> assumes that any less-than character (<) occurring within a string is the
>>> beginning of a tag?
>>>
>>> I hope I'm wrong, because that would be completely crap and useless :-)
>>
>> [
]
>> I think I am correct that strip_tags assumes any '<' character to be the
>> beginning of a tag -
>
> No, you are not. The function, at least as of PHP 5.3.10, is context-
> sensitive:
>
> $ php -r "echo strip_tags('<a title=\'<\'>foo</a>');"
> foo
Possibly true, but that example does not demonstrate it. Try:
$ php -r "echo strip_tags('<a title=\'<\'>f<o<o</a>');"
Output should be
f<o<o
Definitely doesn't work in PHP 5.3.3, and according to php.net the function
hasn't changed since 5.0.0.
>> ut this doesn't actually matter, since the input string should be HTML
>> encoded anyway, so all '<' characters should be escaped as '<' - so all
>> actual '<' characters will indeed be tags :-)
>
> You are not making sense. The *input* data should *never* be "HTML
> encoded".
Then I must have completely misunderstood something here. I thought the whole
point of strip_tags() was to remove all HTML tags from the input string.
Therefore the input has to be HTML or the function is pointless.
Unless the idea is to remove rogue HTML tags from a plain text string, in which
case my original point about it assuming all < symbols are tags remains valid -
it's crap and useless for this.
--
Please remove all-your-clothes before replying.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]