Create a gist now

Instantly share code, notes, and snippets.

<?php
$html = <<<EOF
<!doctype html>
<html>
<head>
<title>Hello, World!</title>
</head>
<body>
<p>Hello there.</p>
<script>
// </script>
<script>document.title = 'Javascript Injection!';
</script >
</body>
</html>
EOF;
echo preg_replace('#<script(.*?)>(.*?)</script>#is', '', $html);
/* Output:
<!doctype html>
<html>
<head>
<title>Hello, World!</title>
</head>
<body>
<p>Hello there.</p>
<script>document.title = 'Javascript Injection!';
</script >
</body>
</html>
*/
// The page title is then changed to 'Javascript Injection!'.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment