archived-php-src/ext/standard/tests/strings/bug78814.phpt at e079e753dcdf22229d2c386dc6b87f2ebf991721 - archived-php-src - Gitea: Git with a cup of tea

php/archived-php-src

mirror of https://github.com/php/php-src.git synced 2026-04-19 22:11:12 +02:00

Files

Christoph M. Becker 600f1f898f Fix #78814 : strip_tags allows / in tag name => whitelist bypass

When normalizing tags to check whether they are contained in the set
of allowable tags, we must not strip slashes, unless they come
immediately after the opening `<`, or immediately before the closing
`>`.

2019-12-02 11:37:25 +01:00

9 lines

166 B

PHP

Raw Blame History

 --TEST--
 Bug #78814 (strip_tags allows / in tag name => whitelist bypass)
 --FILE--
 <?php
 echo strip_tags("<s/trong>b</strong>", "<strong>");
 ?>
 --EXPECT--
 b</strong>