Security Gotchas

Removing JavaScript from a string

This won't work as a way of stripping script tags:

echo preg_replace('/<script\b[^>]*>(.*?)<\/script>/is', "", $var);

because anything the pattern does not match passes through untouched, and a variant like this may still be treated as a script tag:

<scr/* */ipt>
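The following PHP script is an added example, not code from the original note. It puts the regex from the note beside the approach that actually holds up, encoding the value for the HTML context it is rendered in, and runs both over the note's own variant. The function names and sample inputs are constructed for illustration.

```php
<?php
// Added example (not from the original note). Contrasts the blacklist regex
// with output encoding, which is the fix a defender wants. Function names and
// the sample inputs below are constructed for illustration.

// The regex from the note: removes only well-formed <script ...>...</script>
// blocks and leaves everything else exactly as it was.
function strip_script_tags(string $var): string
{
    return preg_replace('/<script\b[^>]*>(.*?)<\/script>/is', '', $var);
}

// The fix: do not try to remove "bad" markup. Encode the whole value for the
// context it is echoed into. For HTML text and attribute values that is
// htmlspecialchars with ENT_QUOTES, so both quote characters are encoded too,
// and ENT_SUBSTITUTE so invalid UTF-8 cannot make the call return an empty string.
function encode_for_html(string $var): string
{
    return htmlspecialchars($var, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed inputs: a plain script block, which the regex does catch,
// and the variant from the note, which it does not.
$inputs = [
    'plain'   => '<script>alert(1)</script>',
    'variant' => '<scr/* */ipt>alert(1)</script>',
];

foreach ($inputs as $label => $input) {
    printf("%-8s after regex:    %s\n", $label, strip_script_tags($input));
    printf("%-8s after encoding: %s\n", $label, encode_for_html($input));
}
```

Running it shows the difference in kind between the two approaches: the regex empties the plain input but returns the variant unchanged, while encoding turns every `<` and `>` of both inputs into `&lt;` and `&gt;`, so neither can open a tag when the value is echoed into a page. A blacklist has to anticipate every form the markup can take; encoding does not depend on recognising it at all.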