jimw            Sun Oct 28 20:51:34 2001 EDT

  Modified files:              
    /phpdoc/en/functions        strings.xml 
  Log:
  add warning to strip_tags() about attributes being passed through, add <u> to the 
example, and clean up the notice of what versions the allowable_tags param was added 
in.
  
Index: phpdoc/en/functions/strings.xml
diff -u phpdoc/en/functions/strings.xml:1.117 phpdoc/en/functions/strings.xml:1.118
--- phpdoc/en/functions/strings.xml:1.117       Wed Oct 17 12:24:00 2001
+++ phpdoc/en/functions/strings.xml     Sun Oct 28 20:51:33 2001
@@ -1,5 +1,5 @@
 <?xml encoding="iso-8859-1"?>
-<!-- $Revision: 1.117 $ -->
+<!-- $Revision: 1.118 $ -->
  <reference id="ref.strings">
   <title>String functions</title>
   <titleabbrev>Strings</titleabbrev>
@@ -2506,8 +2506,8 @@
      should not be stripped.
      <note>
       <para>
-       <parameter>Allowable_tags</parameter> was added in PHP 3.0.13,
-       PHP4B3.
+       <parameter>allowable_tags</parameter> was added in PHP 3.0.13
+       and PHP 4.0b3.
       </para> 
      </note>
     </para>
@@ -2515,10 +2515,19 @@
      <example>
       <title><function>strip_tags</function> example</title>
       <programlisting role="php">
-$string = strip_tags($string, '&lt;a&gt;&lt;b&gt;&lt;i&gt;');
+$string = strip_tags($string, '&lt;a&gt;&lt;b&gt;&lt;i&gt;&lt;u&gt;');
       </programlisting>
      </example>
     </para>
+    <warning>
+     <para>
+      This function does not modify any attributes on the tags that you allow
+      using <parameter>allowable_tags</parameter>, including the
+      <literal>style</literal> and <literal>onmouseover</literal> attributes
+      that a mischievous user may abuse when posting text that will be shown
+      to other users.
+     </para>
+    </warning>
    </refsect1>
   </refentry>
 
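Review bot: The added warning names `style` and `onmouseover` but never tells the reader what to do about them, and the example just above it still allows `<a>`, whose `href` attribute is passed through unmodified in the same way. I would replace "including" with "for example", so the two attributes are not read as the complete list, and mention `href` next to them. I would also close the paragraph with a sentence such as `Text that keeps any tags must have its attributes filtered separately; if no markup is needed, escape it with <function>htmlspecialchars</function> instead.` The enclosing refsect1 starts outside this hunk, so such guidance may already appear earlier in the entry.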

