|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50847 strip_tags() fails with extremely long tags (attributes)
Submitted: 2010-01-26 15:06 UTC Modified: 2010-02-01 12:59 UTC
From: grayson at levy dot org dot il Assigned:
Status: Closed Package: Strings related
PHP Version: 5.*, 6 OS: *
Private report: No CVE-ID:
 [2010-01-26 15:06 UTC] grayson at levy dot org dot il
strip_tags() removes long param tags even when param is in the exclude list.

Reproduce code:
$var = "<param value=\"file=,,,\" name=\"flashvars\" />";

$var = strip_tags($var, "<param>");

Expected result:
$var should be unchanged.

Actual result:
$var is empty.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-01-26 17:18 UTC]
It doesn't matter what the tag is. Or what it contains. Single char repeated enough times will make a mess.. 
 [2010-02-01 12:59 UTC]
Automatic comment from SVN on behalf of iliaa
Log: Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long)
 [2010-02-01 12:59 UTC]
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

 [2010-04-17 05:53 UTC] sarun37823 at bigfoot dot com
greater then 1023 bytes
should change to
greater than 1023 bytes
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Mon Nov 30 08:01:52 2015 UTC