Re: Regex: Strip <script> tags?

by hacker (Priest)

on Sep 02, 2007 at 14:37 UTC ( #636604=note: print w/ replies, xml )

Need Help??

I use the following in a piece of code here:

   # Strip <script [..]>..</script> and <style>..</style> 
   $content =~ s!<(s(?:cript|tyle))[^>]*>.*?</\1>!!gis;
[download]

backtracking++

Comment on Re: Regex: Strip <script> tags? Download Code
Re^2: Regex: Strip <script> tags? by clinton (Priest) on Sep 02, 2007 at 14:49 UTC
There are plenty of things that will be missed with your regex. For instance, all of the `onclick/focus/load/etc` events. Have a look at HTML::StripScripts::Parser, which allows you to customise the HTML / CSS that you would like to allow, while removing XSS attacks. Clint	[reply] [d/l]

Node Status^?

node history
Node Type: note [id://636604]
help

Chatterbox^?

How do I use this? | Other CB clients

Other Users^?

Others avoiding work at the Monastery: (6)

As of 2013-06-19 00:39 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?