I need to remove all tags along with the content and the closing of the tag when the tag is being scripted. Example $ variable="SomethingSomething2some javascript function";
I want to remove this all from html
<script>alguma funcao javascript</script>
The idea is like this
$variavel = preg_replace('<script*>*</script>', '', $variavel);
But it did not work. Explaining the regex how it should look: It will give replace when you start with
Parsing HTML with regex is not recommended. In the example case it is +/- simple and something like /<script[^>]*>[^<]*<\/script>/ (link) might work.
A better solution would be to use the strip_tags that is made for this and receives as second argument allowed tags.
An example would look like this:
$html = "
<p>algo</p>
<script>alguma funcao javascript</script>
<div>algo</div>
";
$html_limpo = strip_tags($html, '<p><div>');
echo $html_limpo;
The result would be:
<p>algo</p>
alguma funcao javascript
<div>algo</div>
/! \ Do not recommend using this!
You can use REGEX:
/<script.*?>(.*?<\/script.*?>)?/i
Therefore:
<ScrIpT>alert()</ScrIpT>
<script type=\"text/javascript\">alguma funcao javascript</script>
<Script src="site.com">
They will be removed.
Now it depends on your goal with this REGEX. If it is to protect from XSS, forget it, it would still be possible:
<img onerror="alert('XSS')">
<svg/onload=alert('XSS')>