PHP :: Bug #10362 :: strip_tags() strips round brackets inside allowed html tags

Bug #10362	strip_tags() strips round brackets inside allowed html tags
Submitted:	2001-04-17 12:02 UTC	Modified:	2012-05-24 10:03 UTC
From:	jo at feuersee dot de	Assigned:	johannes (profile)
Status:	Closed	Package:	Unknown/Other Function
PHP Version:	4.0.4pl1	OS:	Linux 2.4.3
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jo at feuersee dot de
New email:
PHP Version:		OS:

New Comment:

Further comment on this bug is unnecessary.

[2001-04-17 12:02 UTC] jo at feuersee dot de

When using strip_tags() with the optional conversion 
param, it still strips round brackets "()" from the input 
string.
Example:
<?php
$allowed = "<a>";
$tag = "<a href=\"$PHP_SELF\" "; 
$tag .= "onClick=\"alert('Hello')\">click</a>";
printf("%s", strip_tags($tag, $allowed));
?>
results in
<a href="whatever.php" onCLick="alert'Hello'">click</a>
missing brackets---------------------^-----^

and leaves the <a> Tag unuseable.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-04-28 19:13 UTC] elixer@php.net

Fixed in CVS.  It will be part of PHP4.0.6 when it is released.

[2012-05-24 10:03 UTC] johannes@php.net

-Assigned To: +Assigned To: johannes -Block user comment: No +Block user comment: Yes

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Oct 29 13:00:01 2025 UTC