WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#37204 closed defect (bug) (invalid)

wp_strip_all_tags() function does not strip all tags

Reported by: aldemarcalazans Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.4.3
Component: Security Keywords:
Focuses: Cc:

Description

If you apply the function wp_strip_all_tags() to the following strings, the result will be as follows:

<myname> ...................... ''              (OK)
<myname ....................... ''              (OK)
myname> ....................... myname>         (BAD)

As you can see, if only one "greater than" character is placed on the right of the word, the function does not work.

Change History (1)

#1 @dd32
5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

I'd say this works as intended.

mytag> is not a valid HTML tag, and shouldn't be stripped, just as 5>4 shouldn't be stripped or modified.

wp_strip_all_tags() is designed to compliment PHP's strip_tags() functionality, but also strip the contents of <script> and <style> tags.

Note: See TracTickets for help on using tickets.