How would I go about removing script tags, and everything inside them using PHP?
Answer 1:
As David says, filtering only script tags is not enough if you're looking to sanitize incoming data. HTML Purifier promises to do the full package:
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.
Answer 2:
Go with HTML Purifier as Pekka suggested.
Never go with regex for that case.
Here is an example that breaks regex filters and works in browsers (tested on Firefox):
<script script=">>><script></script><script>//" > /**/ alert(1); </script >
Answer 3:
I use this:
// Tags that are removed together with everything inside them.
$tag_para_remover_codigo_fonte_url_dentro_buscador = array("head","script","style","object","embed","applet","noscript","noframes","noembed");
foreach ($tag_para_remover_codigo_fonte_url_dentro_buscador as $tag) {
    // The s modifier lets . match newlines, so blocks spanning several lines are removed too.
    $codigo_fonte_url_dentro_buscador = preg_replace("/< *" . $tag . "[^>]*>(.*?)<\/" . $tag . " *>/is", " ", $codigo_fonte_url_dentro_buscador);
}
// Strip the remaining tags, then decode entities. The result is decoded plain text:
// escape it with htmlspecialchars() before printing it into an HTML page.
$codigo_fonte_url_dentro_buscador = html_entity_decode(strip_tags($codigo_fonte_url_dentro_buscador));
Answer 4:
You can do that with the function strip_tags
<?php
$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';
echo strip_tags($text);
// Allow <p> and <a>
echo strip_tags($text, '<p><a>');
?>
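The HTML Purifier answers above argue for parsing the markup and applying an allowlist instead of matching patterns. The following added example (not code from any answer, and not a substitute for HTML Purifier) shows that approach with PHP's built-in DOMDocument, run on the markup posted in the regex-warning answer; the function names and the allowlists are assumptions.

```php
<?php
// Added example, not from the answers. Function names and the allowlists are
// assumptions; every allowed attribute here is treated as URL-valued.
const KEEP_TAGS  = ['p', 'a', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'br'];
const KEEP_ATTRS = ['a' => ['href']];
// Removed together with their content (tag list from the preg_replace answer).
const DROP_TAGS  = ['head', 'script', 'style', 'object', 'embed', 'applet',
                    'noscript', 'noframes', 'noembed'];

function clean_children(DOMNode $parent): void
{
    // Copy the live node list first because the loop mutates the tree.
    foreach (iterator_to_array($parent->childNodes) as $node) {
        if ($node instanceof DOMText) { continue; }    // text is escaped on output
        $name = strtolower($node->nodeName);
        if (!($node instanceof DOMElement) || in_array($name, DROP_TAGS, true)) {
            $parent->removeChild($node);               // comments, script, style, ...
            continue;
        }
        clean_children($node);
        if (!in_array($name, KEEP_TAGS, true)) {       // unknown tag: keep its cleaned children
            while ($node->firstChild) {
                $parent->insertBefore($node->firstChild, $node);
            }
            $parent->removeChild($node);
            continue;
        }
        foreach (iterator_to_array($node->attributes, false) as $attr) {
            $ok = in_array(strtolower($attr->nodeName), KEEP_ATTRS[$name] ?? [], true)
                && preg_match('~^(https?://|mailto:|/|#)~i', $attr->nodeValue);
            if (!$ok) { $node->removeAttributeNode($attr); }  // on* handlers, javascript: URLs
        }
    }
}

function sanitize_html(string $dirty): string
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true);      // malformed input is expected
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $dirty, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $root = $doc->documentElement;                     // <html>; <body> is unwrapped below
    clean_children($root);
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($root->childNodes)));
}

// Constructed input: the markup from the answer above followed by an allowed link.
echo sanitize_html('<script script=">>><script></script><script>//" > /**/ alert(1); </script ><p onclick="x()">Hi <a href="https://example.com/">link</a></p>'), "\n";
```

Because the filter works on the parsed tree, the decision about what counts as a script element is made by the HTML parser rather than by a pattern over the raw string.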
Article source: Strip