Edit report at https://bugs.php.net/bug.php?id=10362&edit=1
ID: 10362
Comment by: zxcvdf at 163 dot com
Reported by: jo at feuersee dot de
Summary: strip_tags() strips round brackets inside allowed html tags
Status: Closed
Type: Bug
Package: Unknown/Other Function
Operating System: Linux 2.4.3
PHP Version: 4.0.4pl1
Block user comment: N
Private report: N
New Comment:
Previous Comments:
------------------------------------------------------------------------
[2001-04-28 19:13:36] [email protected]
Fixed in CVS. It will be part of PHP4.0.6 when it is released.
------------------------------------------------------------------------
[2001-04-17 12:02:44] jo at feuersee dot de
When using strip_tags() with the optional conversion
param, it still strips round brackets "()" from the input
string.
Example:
<?php
$allowed = "<a>";
$tag = "<a href=\"$PHP_SELF\" ";
$tag .= "onClick=\"alert('Hello')\">click</a>";
printf("%s", strip_tags($tag, $allowed));
?>
results in
<a href="whatever.php" onCLick="alert'Hello'">click</a>
missing brackets---------------------^-----^
and leaves the <a> tag unusable.
------------------------------------------------------------------------
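Added example (not part of the original report and not PHP project code): strip_tags() with an allowed-tags argument keeps every attribute on the allowed tags, so the onClick handler in the report's input is still present in the output once the bracket bug is fixed. The hypothetical helper sanitize_links() below shows one way to keep <a> while dropping every attribute except an href with an allow-listed scheme; the helper name and the scheme list are assumptions.

```php
<?php
// Added example. sanitize_links() is a hypothetical helper, not a PHP built-in.
// The allowed scheme list is an assumption; adjust it to your application.
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

function sanitize_links(string $html): string
{
    // Step 1: strip_tags() removes every tag except <a>, but keeps all of
    // its attributes, including inline event handlers.
    $onlyAnchors = strip_tags($html, '<a>');

    // Step 2: parse the result and filter attributes with an allow-list.
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // tolerate sloppy markup
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $onlyAnchors . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    foreach ($doc->getElementsByTagName('a') as $a) {
        // Copy the attribute list first: removing while iterating skips nodes.
        foreach (iterator_to_array($a->attributes, false) as $attr) {
            if (strtolower($attr->nodeName) !== 'href') {
                $a->removeAttribute($attr->nodeName);   // onclick, style, ...
                continue;
            }
            // Browsers ignore tabs/newlines/leading control characters in
            // URLs, so remove them before looking at the scheme.
            $url = preg_replace('/[\x00-\x20]+/', '', $attr->nodeValue);
            if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)
                && !in_array(strtolower($m[1]), ALLOWED_SCHEMES, true)) {
                $a->removeAttribute('href');            // e.g. javascript:
            }
        }
    }

    // Serialize only the children of the wrapper <div>.
    $out = '';
    foreach ($doc->getElementsByTagName('div')->item(0)->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed input, modelled on the tag from the report.
$tag = '<a href="whatever.php" onClick="alert(\'Hello\')">click</a>';
echo strip_tags($tag, '<a>'), "\n";   // handler attribute is still present
echo sanitize_links($tag), "\n";      // only the href attribute remains
```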