Skip to content
Create a gist now

Instantly share code, notes, and snippets.

<?php
$html = <<<EOF
<!doctype html>
<html>
<head>
<title>Hello, World!</title>
</head>
<body>
<p>Hello there.</p>
<script>
// </script>
<script>document.title = 'Javascript Injection!';
</script >
</body>
</html>
EOF;
echo preg_replace('#<script(.*?)>(.*?)</script>#is', '', $html);
/* Output:
<!doctype html>
<html>
<head>
<title>Hello, World!</title>
</head>
<body>
<p>Hello there.</p>
<script>document.title = 'Javascript Injection!';
</script >
</body>
</html>
*/
// The page title is then changed to 'Javascript Injection!'.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.