A Brief Analysis of a bug in the PHP function strip_tags
- 2021-06-28 09:00:12
- OfStack
The PHP function strip_tags removes HTML and PHP tags from a string: it attempts to return the given string, str, with NUL bytes, HTML tags, and PHP tags stripped.
Since strip_tags() cannot actually validate HTML, incomplete or broken tags will result in more data being deleted than expected.
For example, the following code:
<div>string</div>string<string<b>hello</b><div>string</div>
After filtering it with strip_tags($str, '<div>'), we might expect the following result:
<div>string</div>string<stringhello<div>string</div>
The result is:
<div>string</div>string
This is all due to the unmatched left angle bracket in "<string" (highlighted in red in the original). PHP's documentation carries a warning about this:
Since strip_tags() cannot actually validate HTML, incomplete or broken tags will result in more data being deleted.
Because the correctness of the markup cannot be verified before filtering, once a tag-related character, "<" or ">", is encountered on its own, the content after it is lost!
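One way to keep an unclosed "<" from swallowing the rest of the string is to escape every "<" that does not begin a well-formed tag before calling strip_tags(). This is an added example, not code from the original article; the helper names escape_stray_lt() and strip_tags_tolerant() are hypothetical, and the regular expression is a simplification that assumes plain HTML tags only.

```php
<?php
declare(strict_types=1);

/**
 * Added example: neutralise stray "<" characters so that strip_tags()
 * never enters its "inside a tag" state on broken markup.
 * Helper names are hypothetical, not part of PHP.
 */
function escape_stray_lt(string $html): string
{
    // A "<" is kept only when it starts something shaped like a tag:
    // optional "/", a tag name, optional attributes containing no "<" or ">",
    // optional "/", then ">". Every other "<" becomes the entity "&lt;".
    // Limitation: comments, doctypes and PHP open tags do not match this
    // shape, so they end up as visible escaped text instead of being removed.
    $wellFormedTag = '\/?[a-zA-Z][a-zA-Z0-9]*(?:\s[^<>]*)?\/?>';
    $escaped = preg_replace('/<(?!' . $wellFormedTag . ')/', '&lt;', $html);
    if ($escaped === null) {
        throw new RuntimeException('preg_replace failed, code ' . preg_last_error());
    }
    return $escaped;
}

function strip_tags_tolerant(string $html, string $allowed = ''): string
{
    return strip_tags(escape_stray_lt($html), $allowed);
}

// The article's input, with its unclosed "<string".
$str = '<div>string</div>string<string<b>hello</b><div>string</div>';

echo 'plain:    ', strip_tags($str, '<div>'), PHP_EOL;
echo 'tolerant: ', strip_tags_tolerant($str, '<div>'), PHP_EOL;

// Detection: if escaping changed the input, it contained a "<" that
// strip_tags() would have treated as the start of a never-closed tag.
if (escape_stray_lt($str) !== $str) {
    echo 'warning: input contains an unmatched "<"', PHP_EOL;
}
```

With the tolerant wrapper the stray bracket is emitted as the entity &lt;, so the text after it survives and the disallowed b tags are still removed.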