<?php
$UNSAFE_HTML = array(
"!javascript\s*:!is",
"!vbscri?pt\s*:!is",
"!<\s*embed.*swf!is",
"!vbscri?pt\s*:!is",
"!<.*[^a-z]onabort\s*=!is",
"!<.*[^a-z]onblur\s*=!is",
"!<.*[^a-z]onchange\s*=!is",
"!<.*[^a-z]onfocus\s*=!is",
"!<.*[^a-z]onmouseout\s*=!is",
"!<.*[^a-z]onmouseover\s*=!is",
"!<.*[^a-z]onload\s*=!is",
"!<.*[^a-z]onreset\s*=!is",
"!<.*[^a-z]onselect\s*=!is",
"!<.*[^a-z]onsubmit\s*=!is",
"!<.*[^a-z]onunload\s*=!is",
"!<.*[^a-z]onerror\s*=!is",
"!<.*[^a-z]onclick\s*=!is"
);
function unsafe_html($html) {
global $UNSAFE_HTML;
foreach ($UNSAFE_HTML as $match) {
if (preg_match($match, $html,
$matches)) {
return $match;
}
}
return false;
}
?>
