voku\helper\AntiXSS::remove_disallowed_javascript PHP Method

AntiXSS Class Documentation Show file Open project: voku/anti-xss

remove_disallowed_javascript() private method

Note: It was reported that not only space characters, but all in the following pattern can be parsed as separators between a tag name and its attributes: [\d\s"\'`;,\/\=\(\x00\x0B\x09\x0C] ... however, UTF8::clean() above already strips the hex-encoded ones, so we'll skip them below.
private remove_disallowed_javascript ( string $str ) : string
$str string
return string 
    private function remove_disallowed_javascript($str)
    {
        do {
            $original = $str;
            if (preg_match('/<a/i', $str)) {
                $str = preg_replace_callback('#<a[^a-z0-9>]+([^>]*?)(?:>|$)#i', array($this, '_js_link_removal'), $str);
            }
            if (preg_match('/<img/i', $str)) {
                $str = preg_replace_callback('#<img[^a-z0-9]+([^>]*?)(?:\\s?/?>|$)#i', array($this, '_js_img_removal'), $str);
            }
            if (preg_match('/script|xss/i', $str)) {
                $str = preg_replace('#</*(?:script|xss).*?>#si', $this->_replacement, $str);
            }
        } while ($original !== $str);
        return (string) $str;
    }
AntiXSS
__construct
_compact_exploded_words
_decode_entity
_do
_do_never_allowed
_do_never_allowed_afterwards
_entity_decode
_filter_attributes
_initNeverAllowedStr
_js_img_removal
_js_link_removal
_js_removal
_sanitize_naughty_html
addEvilAttributes
compact_exploded_javascript
decode_string
make_php_tags_safe
removeEvilAttributes
remove_disallowed_javascript
remove_evil_attributes
sanitize_naughty_html
sanitize_naughty_javascript
setReplacement
setStripe4byteChars
xss_clean
xss_hash