Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
How to change all the occurrence of the <script> <Script> <scRipT> <sCrIpT> and so .. to <script> <Script> with PHP
I also want to remove
The input will be taken from a WYSIWYG Editor, so i can not use the strip_tags function.
Edit 2
Is there any other way a user can execute a javascript with some kind of strange characters to
I found this on internet
<scr<!--*-->ipt>
alert('hi')
</script>
But it did not worked though, is there any such possibilities ?
Probably the simplest method would be
str_ireplace()for case-insensitive replacement, however this won’t preserve the case of the “sCriPt” word. But if you’re out to de-fang XSS attacks that may be just fine:A more complex solution could be devised with
preg_replace()to preserve case, but would be slower. This might work, but if it were me I’d usestr_ireplace()…Note: If it is XSS prevention you’re after, neither of these takes into account things like
<script type=text/javascript>. To truly handle these cases, you need to load the HTML string intoDOMDocumentand delete the offending script nodes.