JavaScript filtering methods:
The first option: use the htmlspecialchars function to convert special characters to HTML entities, and the nl2br function to insert <br/> tags at line breaks.
$comment = <<<EOF
<script type="text/javascript">
while (true) {
    alert('I play!');
}
</script>
EOF;
// suppose $comment is the submitted comment
// filter the JavaScript code
$comment = nl2br(htmlspecialchars($comment));
echo $comment;
The output is:
<script type="text/javascript"><br/>
while (true) {<br/>
    alert('I play!');<br/>
}<br/>
</script>
The second option: remove all <script...> and </script> tags from the comment content.
// remove all <script...> and </script> tags from the comment
The output is:
while (true) { alert('I play!'); }
HTML filtering methods:
The first option: escape the < and > symbols, or delete the tags directly.
$comment = preg_replace("/<[\/\!]*?[^<>]*?>/si", "", $comment);
The second option: use the strip_tags() function.
<?php
echo strip_tags("Hello <b>world!</b>");
?>
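The four filters above, run side by side on the same comments, as an added example (not code from the original page). The sample comments are constructed, and the <script>-removal pattern and the has_raw_tag() helper are assumptions, since the page does not show its own expression for that option.

```php
<?php
// Added example, not the original page's code. Sample comments are constructed.
$samples = [
    'script' => "<script type=\"text/javascript\">\nwhile (true) {\n  alert('I play!');\n}\n</script>",
    'text'   => "Tom & Jerry: 1 < 2 and 3 > 2\nsecond line",
    'markup' => 'Hello <b>world!</b>',
];

// JavaScript option 1: escape for an HTML element body, then add <br /> tags.
// ENT_QUOTES also converts single quotes; the charset is stated explicitly.
function escape_comment(string $c): string
{
    return nl2br(htmlspecialchars($c, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// JavaScript option 2: delete <script ...> and </script> tags only.
// Assumed pattern: the page's own expression for this option is not shown.
function remove_script_tags(string $c): string
{
    return preg_replace('#</?script\b[^>]*>#i', '', $c);
}

// HTML option 1: delete anything that looks like a tag (pattern from the page).
function remove_tags_regex(string $c): string
{
    return preg_replace("/<[\/\!]*?[^<>]*?>/si", "", $c);
}

// HTML option 2: the built-in strip_tags().
function remove_tags_builtin(string $c): string
{
    return strip_tags($c);
}

// Hypothetical helper: true when the filtered text still contains a raw tag
// other than <br />, i.e. markup the browser would interpret, not display.
function has_raw_tag(string $out): bool
{
    return preg_match('#<(?!br\s*/?>)[a-z/!]#i', $out) === 1;
}

$filters = ['escape_comment', 'remove_script_tags', 'remove_tags_regex', 'remove_tags_builtin'];
foreach ($samples as $name => $input) {
    foreach ($filters as $f) {
        $out = $f($input);
        printf("%-7s %-20s raw_tag=%-3s %s\n", $name, $f, has_raw_tag($out) ? 'yes' : 'no', json_encode($out, JSON_UNESCAPED_SLASHES));
    }
}
```

Removing only the script tags leaves the <b> tag of the markup sample in place, while escaping keeps every character of the comment visible as text. The escaping shown is for text placed in an HTML element body; output placed in an attribute or inside a script block needs encoding for that context.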
Web development methods for filtering JavaScript and HTML