How to Strip Script Tags in PHP

If you have some HTML input submitted from a user to your application, before saving it to the database, you may want to strip all <script> tags so that you can prevent cross site scripting attacks and other potential issues.

Below we use a Regular Expression to strip the script tag out of a variable.

$html = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $html);
Code language: PHP (php)
Tags:
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments