|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #17099 strip_tags() not just stripping out HTML-tags
Submitted: 2002-05-08 10:50 UTC Modified: 2002-05-08 11:52 UTC
From: yves at fuifbeest dot com Assigned:
Status: Not a bug Package: Strings related
PHP Version: 4.2.0 OS: Unix/Apache
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: yves at fuifbeest dot com
New email:
PHP Version: OS:


 [2002-05-08 10:50 UTC] yves at fuifbeest dot com
I've made a PHP-based forum and some of the users found out that if they were putting text between < or > (HTML &lt; and &gt; ), this text was lost...

Browsing through the source-code and a little tests later, I found out it was strip_tags() causing the problem...
strip_tags() is described as "stripping out all HTML- and PHP-tags", so I thought this was a nice way to prevent users from making some sort of childish color-book with images, color-text, etc. in between of the serious posts...

Now it appears that strip_tags() strips out ANYTHING in an string between < and > (the hTML fishing-hooks, sorry for mentioning all the time, but I don't if you're seeing them), so that's rather inconvenient I thought...

Wouldn't it be possible that PHP has an internal list of all HTML-tags (maybe it has already) and that it should just stripout what a web-browser would interpret as a HTML-tag?

Ex.: <?php echo strip_tags("blabla < yieha > blabla"); ?>
This will return "blabla  blabla"...


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-05-08 11:52 UTC]
this is intentional. strip_tags requires the caller to declare what tags to keep, regardless of whether they are valid html or not. if you just want to get rid of angle brackets, you can use str_replace() or use htmlentities() to preserve them, but prevent them from being interpreted as html tag delimiters.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Jul 23 22:01:28 2024 UTC