WooYun.org

function safe_html($info)
	{
		if(!$info)
		{
			return false;
		}
		$tmp = "/<([a-zA-Z0-9]+)(.*)(on[abort|beforeonload|blur|change|click|contextmenu|dblclick|drag|dragend|dragenter|dragleave|dragstart|drop|error|focus|keydown|keypress|keyup|load|message|mousedown|mousemove|mouseover|mouseout|mouseup|mousewheel|reset|resize|scroll|select|submit|unload]+)=(.+)>/isU";
		$info = preg_replace($tmp,"<\\1\\2\\4>",$info);
		//$info = preg_replace("/<([a-zA-Z0-9]+)(.*)([onabort|onbeforeonload|onblur|onchange|onclick|oncontextmenu|ondblclick|ondrag|ondragend|ondragenter|ondragleave|ondragover|ondragstart|ondrop|onerror|onfocus|onkeydown|onkeypress|onkeyup|onload|onmessage|onmousedown|onmousemove|onmouseover|onmouseout|onmouseup|onmousewheel|onreset|onresize|onscroll|onselect|onsubmit|onunload]+)\s*=\s*(.+)>/isU","<\\1\\3>",$info);
		$tmp = array("/<script(.*)<\/script>/isU","/<frame(.*)>/isU","/<\/fram(.*)>/isU","/<iframe(.*)>/isU","/<\/ifram(.*)>/isU","/<style(.*)<\/style>/isU","/<link(.*)>/isU","/<\/link>/isU");
		$info = preg_replace($tmp,'',$info);
		$array = array("src='".$this->url,'src="'.$this->url,"src=".$this->url);
		$new = array("src='",'src="',"src=");
		$info = str_replace($array,$new,$info);
		return $info;
	}