I'm trying to create a function which would delete any potential script tags, but not other tags like p, li, ol, span, h1, ...
This is what I have so far. I also wrote < and > as encoded chars "%3C" and "%3E" and as HTML name and number. Tried to do regex for first one as you see "^<(/)?script>$". But it's not working :D
function smartFilter($string) {
    $string = strtolower($string);
    if (strpos($string, "<script>") !== FALSE || strpos($string, "<script>") !== FALSE || strpos($string, "<script>") !== FALSE || strpos($string, "%3Cscript%3E") !== FALSE) {
        $unallowed = array("^<(\/)?script>$", "<script>", "</script>", "%3Cscript%3E", "%3C/script%3E", "<script>", "<script>");
        return preg_replace($unallowed, "", $string);
    } else {
        return $string;
    }
}
Why not use strip_tags from PHP? Link here.
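An added example, not part of the original question or answer: an allow-list filter built on strip_tags() that keeps the tags the question names and then removes attributes, which strip_tags() leaves on allowed tags. The function name `allowlistFilter`, the `ALLOWED_TAGS` list and the sample input are assumptions made for illustration.

```php
<?php
// Added example; function name, tag list and sample input are assumptions.
const ALLOWED_TAGS = ['p', 'li', 'ol', 'ul', 'span', 'h1'];

function allowlistFilter(string $html): string
{
    // Step 1: drop every tag that is not on the allow-list (<script> included).
    // Text that sat between removed tags stays behind as plain text.
    $html = strip_tags($html, '<' . implode('><', ALLOWED_TAGS) . '>');
    if ($html === '') {
        return '';
    }

    // Step 2: strip_tags() keeps attributes on allowed tags (onclick, style, ...),
    // so parse the result and remove every attribute from every element.
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true);   // tolerate sloppy markup
    // The XML declaration prefix makes libxml read the input as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    // <div> is not on the allow-list, so the first <div> is always our wrapper.
    $wrapper = $doc->getElementsByTagName('div')->item(0);
    foreach ((new DOMXPath($doc))->query('.//*', $wrapper) as $element) {
        while ($element->attributes->length > 0) {
            $element->removeAttributeNode($element->attributes->item(0));
        }
    }

    // Step 3: serialise only the wrapper's children, not the implied <html><body>.
    $out = '';
    foreach ($wrapper->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input: an event handler, a script block, a style attribute.
$dirty = '<h1 onclick="x()">Title</h1><script>alert(1)</script>'
       . '<p style="color:red">Hi <b>there</b></p>';
echo allowlistFilter($dirty), PHP_EOL;
```

Percent-encoded forms such as %3Cscript%3E need no separate pattern: filter the value after the framework has URL-decoded it, and entity-encoded text such as `&lt;script&gt;` is rendered by the browser as text, not as a tag.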