| private sanitize_naughty_html ( string $str ) : string | ||
| $str | string | |
| return | string | |
private function sanitize_naughty_html($str)
{
$naughty = 'alert|prompt|confirm|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|button|select|isindex|layer|link|meta|keygen|object|plaintext|style|script|textarea|title|math|video|source|svg|xml|xss|eval';
$str = preg_replace_callback('#<(/*\\s*)(' . $naughty . ')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str);
return (string) $str;
}