cnb / News_Manager-getsimplecms

A blog/news plugin for GetSimple CMS - development extended version

code in <style>, <script> tags is not removed from excerpts (strip_tags) #211

Closed cnb closed 9 years ago

cnb commented 9 years ago

PHP's strip_tags doesn't remove the code inside <style>...</style> and <script>...</script> that may be in the post content, so it's displayed in excerpts.

I noticed this long ago, but I forgot to note the issue. John Stray has reminded me about it - https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1050

cnb commented 9 years ago

a93f0b4756c756d00059599f8aba63c85980102c

using this: http://nadeausoftware.com/articles/2007/09/php_tip_how_strip_html_tags_web_page

Remove HTML tags, including invisible text such as style and script code, and embedded objects. Add line breaks around block-level tags to prevent word joining after tag removal.
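The approach quoted above, sketched as an added example (not the plugin's code from the commit and not the linked article's code): remove invisible elements together with their contents before calling `strip_tags`, and add line breaks around block-level tags. The function name `excerpt_strip_html`, the tag lists and the sample post are assumptions made for illustration.

```php
<?php
// Added example: the function name and the sample post are constructed.

function excerpt_strip_html(string $html): string
{
    // Elements whose text content is never meant to be displayed.
    $invisible = 'head|style|script|object|embed|applet|noframes|noscript|noembed';
    // Drop each such element with its contents. An element that is never
    // closed is cut to the end of the input, so its code cannot leak either.
    $text = preg_replace(
        '@<(' . $invisible . ')\b[^>]*>.*?(?:</\1\s*>|\z)@is', ' ', $html);

    // Put line breaks around block-level tags so that words from adjacent
    // blocks are not joined once the tags are gone.
    $block = 'address|blockquote|br|div|h[1-6]|hr|li|ol|p|pre|table|td|th|tr|ul';
    if ($text !== null) {
        $text = preg_replace('@</?(?:' . $block . ')\b[^>]*>@i', "\n\$0\n", $text);
    }
    if ($text === null) {
        return ''; // regex failure (e.g. backtrack limit): show no excerpt
    }

    // Only tags are left to remove now; then normalise the whitespace.
    $text = strip_tags($text);
    $text = preg_replace('@[ \t]+@', ' ', $text);
    $text = preg_replace('@[ \t]*[\r\n][ \t\r\n]*@', "\n", (string) $text);
    return trim((string) $text);
}

// Constructed sample post with inline CSS and JavaScript.
$post = '<style>.lead{color:red}</style><p>First paragraph.</p>'
      . '<script>trackVisit("post-42");</script><p>Second paragraph.</p>';

echo "strip_tags only:\n", strip_tags($post), "\n\n";
echo "invisible elements removed first:\n", excerpt_strip_html($post), "\n";
```

The result is still plain text taken from user-supplied content, so it should be HTML-escaped when the excerpt is written into a page.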