in reply to Re: Code does Remove Html
in thread Code does Remove Html

If you "remove HTML" with a regex like that, then I can still get whatever HTML I want in like so:

<a <b>href="www.example.com">Cheap Viagra!</</b>a> <script<b>> alert("CHEAP VIAGRA!") </script</b>>

Escaping is a much better idea.

- tye        
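The bypass described in the post above, as an added example that is not part of the original thread. The stripping regex from the parent post is not shown on this page, so `strip_tags` uses an assumed single-pass stand-in, and `escape_html` is a hypothetical helper written for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Input taken from the post above: decoy <b> tags nested inside the real ones.
my $input = '<a <b>href="www.example.com">Cheap Viagra!</</b>a> '
          . '<script<b>> alert("CHEAP VIAGRA!") </script</b>>';

# Assumed stand-in for the tag-stripping regex under discussion
# (the original one is not shown on this page): delete anything
# that looks like a complete <...> tag, in a single pass.
sub strip_tags {
    my ($text) = @_;
    $text =~ s/<[^<>]*>//g;
    return $text;
}

# Escaping: every character that is special in HTML becomes an entity,
# so nothing is deleted and nothing can be reassembled into markup.
my %entity = (
    '&' => '&amp;',
    '<' => '&lt;',
    '>' => '&gt;',
    '"' => '&quot;',
    "'" => '&#39;',
);

sub escape_html {
    my ($text) = @_;
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

my $stripped = strip_tags($input);
my $escaped  = escape_html($input);

print "stripped: $stripped\n";
print "escaped:  $escaped\n";

# Removing the decoys splices the surrounding fragments into live tags.
print "strip left a <script> tag behind\n" if $stripped =~ /<script>/i;
# The escaped form contains no raw angle brackets or quotes at all.
print "escaped output has no raw markup\n"  if $escaped !~ /[<>"']/;
```

The stripper only ever removes the inner `<b>` and `</b>` decoys, because the outer fragments do not look like complete tags until after the substitution has already passed them.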

Re^3: Code does Remove Html (hole)
by SFLEX (Chaplain) on Dec 17, 2006 at 17:40 UTC
    Escaping is a much better idea.

    Yes it is!
    If done right, the text entered is safe and you don't lose any of the data.
    Doing it the other way, lots of data can be lost and the code could be bypassed.


    Updated: I just had to build some code to remove the text in tye's post.
    This is what I came up with:
    $value =~ s/<(([^ >]|\n|\s\/|\s\S\S)*)>/ /gso;

    Ya, that code kinda works better, but it still removes parts that it should not, and like tye stated, "Escaping" is the better way to go.