From 38dd875b75c1a9639f4cb0b35e872f7ac202fb37 Mon Sep 17 00:00:00 2001
From: jim winstead <jimw@php.net>
Date: Mon, 29 Oct 2001 01:51:33 +0000
Subject: [PATCH] add warning to strip_tags() about attributes being passed
 through, add <u> to the example, and clean up the notice of what versions the
 allowable_tags param was added in.

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@61059 c90b9560-bf6c-de11-be94-00142212c4b1
---
 functions/strings.xml | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/functions/strings.xml b/functions/strings.xml
index c1661cc9c0..216a60d2bf 100644
--- a/functions/strings.xml
+++ b/functions/strings.xml
@@ -1,5 +1,5 @@
 <?xml encoding="iso-8859-1"?>
-<!-- $Revision: 1.117 $ -->
+<!-- $Revision: 1.118 $ -->
  <reference id="ref.strings">
   <title>String functions</title>
   <titleabbrev>Strings</titleabbrev>
@@ -2506,8 +2506,8 @@ if (!strcasecmp($var1, $var2)) {
      should not be stripped.
      <note>
       <para>
-       <parameter>Allowable_tags</parameter> was added in PHP 3.0.13,
-       PHP4B3.
+       <parameter>allowable_tags</parameter> was added in PHP 3.0.13
+       and PHP 4.0b3.
       </para> 
      </note>
     </para>
@@ -2515,10 +2515,19 @@ if (!strcasecmp($var1, $var2)) {
      <example>
       <title><function>strip_tags</function> example</title>
       <programlisting role="php">
-$string = strip_tags($string, '&lt;a&gt;&lt;b&gt;&lt;i&gt;');
+$string = strip_tags($string, '&lt;a&gt;&lt;b&gt;&lt;i&gt;&lt;u&gt;');
       </programlisting>
      </example>
     </para>
+    <warning>
+     <para>
+      This function does not modify any attributes on the tags that you allow
+      using <parameter>allowable_tags</parameter>, including the
+      <literal>style</literal> and <literal>onmouseover</literal> attributes
+      that a mischievous user may abuse when posting text that will be shown
+      to other users.
+     </para>
+    </warning>
    </refsect1>
   </refentry>