
Mailing list archives

Re[2]: AW: [php] Making form fields secure


Manuel Carrara php_(at)_phpcenter.de
Fri, 29 Jun 2001 18:20:09 +0200


Hello Werner,

Wednesday, June 27, 2001, 5:27:14 PM, you wrote:
WS> http://php.net/manual/en/function.strip-tags.php
WS> and the comments on it

WS> Also worth noting is that STYLE attributes are allowed for all tags.
WS> Any tag can be made into a layout-wrecker unless these are stripped out.
WS>  (STYLE="font-size:5000px;" for instance?)
WS> 
WS> my solution to this and the "onEvent" handler problem: 
WS> 
WS> eregi_replace("([ \f\r\t\n\'\"])style=[^>]+", "\\1", $string); 
WS> eregi_replace("([ \f\r\t\n\'\"])on[a-z]+=[^>]+", "\\1", $string); 
WS> 
WS> my regex knowledge is far from all encompassing but this seems to
WS> work for every eventuality I could come up with.

Hm, one could make something out of that.

Filter out all tags except e.g. b, i, em, etc., then search within those
tags for javascript or style.

Did I forget anything?





Best regards,

Manuel Carrara
php-ml_(at)_w3suite.com
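
The approach sketched in this message (keep a short allowlist of tags, then deal with style and on-event attributes inside them), as an added example that is not part of the original post. It drops every attribute from the surviving tags instead of searching for particular ones; the helper name `sanitize_field`, the tag list and the sample inputs are assumptions made here.

```php
<?php
declare(strict_types=1);

// Assumed allowlist: the "b, i, em, etc." of the message.
const ALLOWED_TAGS = ['b', 'i', 'em'];

// Hypothetical helper (name chosen here): keep only allowlisted tags, bare.
function sanitize_field(string $input): string
{
    // 1. Remove every tag that is not on the allowlist.
    $html = strip_tags($input, '<' . implode('><', ALLOWED_TAGS) . '>');

    // 2. Rewrite each surviving tag without attributes, so style=, on*= and
    //    anything not thought of yet disappear together.
    $names = implode('|', ALLOWED_TAGS);
    $html = preg_replace('~<(/?)(' . $names . ')\b[^>]*>~i', '<$1$2>', $html) ?? '';

    // 3. Escape everything, then restore only the bare allowlisted tags.
    //    A stray "<" or leftover fragment ends up as text, never as markup.
    $escaped = htmlspecialchars($html, ENT_QUOTES, 'UTF-8');
    return preg_replace('~&lt;(/?)(' . $names . ')&gt;~i', '<$1$2>', $escaped) ?? '';
}

// Constructed sample inputs.
$samples = [
    '<b style="font-size:5000px;">big</b>',
    '<i onmouseover="doSomething()">hover</i>',
    '<script>doSomething()</script><em>kept</em>',
    'plain text with 1 < 2',
];
foreach ($samples as $s) {
    echo sanitize_field($s), PHP_EOL;
}
```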



