Justin James Campbell

Reputation: 51

strip_tags removes allowed tags when within attributes

For some reason, PHP's strip_tags() function is removing brackets from tags which are explicitly allowed, when those tags appear within an attribute.

Example:

<div data-contents="<p>Hello!</p>"></div>

becomes

<div data-contents="pHello!/p"></div>

I know, I know. This isn't necessarily good practice.

Regardless, any ideas?

Upvotes: 1

Views: 449

Answers (1)

Marc B

Reputation: 360732

As the warnings on the man page state: **Because strip_tags() does not actually validate the HTML, partial or broken tags can result in the removal of more text/data than expected.**

If you want to embed HTML inside an attribute, it must be properly encoded, e.g. you should have &lt;p&gt;Hello!&lt;/p&gt; instead.

Strip tags is "dumb" and will remove anything that LOOKS like a tag, regardless of where that tag occurs in the text, or if it would result in a broken page or not.

Upvotes: 2
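
The encoding the answer recommends, as an added PHP example that is not part of the original question or answer; the sample markup, the allowed-tag list and the variable names are assumptions. It runs strip_tags() over both the raw and the entity-encoded form, then reads the attribute back with DOMDocument to check whether the value survives.

```php
<?php
// Added example: not code from the question or the answer.
// $inner and $allowed are constructed sample values.
$inner   = '<p>Hello!</p>';
$allowed = '<div><p>';

// Raw markup inside the attribute: the form shown in the question.
$raw = '<div data-contents="' . $inner . '"></div>';

// Entity-encode the value before placing it in the attribute, as the answer
// recommends. ENT_QUOTES also encodes " and ', so the value cannot close
// the attribute early.
$encoded = '<div data-contents="'
    . htmlspecialchars($inner, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    . '"></div>';

// Collect parser warnings instead of printing them.
libxml_use_internal_errors(true);

foreach (['raw' => $raw, 'encoded' => $encoded] as $label => $html) {
    $stripped = strip_tags($html, $allowed);

    // Parse the stripped markup and read the attribute back. The DOM parser
    // decodes entities, so an encoded value should come back as $inner.
    $doc = new DOMDocument();
    $doc->loadHTML($stripped, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    $div   = $doc->getElementsByTagName('div')->item(0);
    $value = $div ? $div->getAttribute('data-contents') : null;

    printf("%-8s after strip_tags: %s\n", $label, $stripped);
    printf("%-8s attribute value : %s\n", $label, var_export($value, true));
    printf("%-8s round-trips     : %s\n\n", $label, $value === $inner ? 'yes' : 'no');
}
```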
