strip_tags – is the function safe?

I read somewhere that strip_tags (or a function with a similar name) is not secure. Is it true?


Answer 1, authority 100%

There are two notes on the manual page, one of which is:

Because strip_tags() does not parse HTML syntactically, unclosed tags in
a string can cause the function to remove
extra pieces of text.

For example:

echo strip_tags("<p>Trolole<p olole"); // "Trolole".
echo strip_tags("<p>Trolole<madtag olole"); //   

Another warning is that

This function does not remove any
attributes of allowed tags (the
allowable_tags argument), including style,
onmouseover, etc., which can also
lead to unexpected failures.

For example:

echo strip_tags("<b onmouseover=\"alert('hack!')\"> </b>", "<b>");

P.S. See the comments.
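
The attribute problem from the second manual note, as an added example that is not part of the original answers: rather than passing an allow-list to strip_tags(), escape the whole string with htmlspecialchars() and restore only bare, attribute-free tags. The helper name render_limited_html, its default tag list and the sample strings are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the answers above.
// Hypothetical helper: escape everything, then restore only the exact
// forms "<tag>" and "</tag>" for a small allow-list. A tag that carries
// any attribute never matches the pattern, so it stays escaped text.
function render_limited_html(string $input, array $allowed = ['b', 'i', 'em', 'strong']): string
{
    // Neutralise all markup first, including both quote styles.
    $escaped = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Build an alternation of the allowed tag names.
    $names = implode('|', array_map('preg_quote', $allowed));

    // Re-enable only attribute-free opening and closing tags.
    // Tags are not balanced here; a closing tag may be restored while its
    // attribute-laden opening tag remains escaped, which is inert output.
    return preg_replace('~&lt;(/?)(' . $names . ')&gt;~i', '<$1$2>', $escaped);
}

// Constructed sample inputs, including the two cases quoted from the manual notes.
$samples = [
    "<b onmouseover=\"alert('hack!')\"> </b>",
    "<b>bold</b> and <script>x</script>",
    "<p>Trolole<p olole",
];

foreach ($samples as $s) {
    echo 'input:        ', $s, PHP_EOL;
    // strip_tags() with an allow-list keeps the allowed tag together with its attributes.
    echo 'strip_tags:   ', strip_tags($s, '<b>'), PHP_EOL;
    // Escape-then-restore keeps all text and lets no attribute through.
    echo 'escape+allow: ', render_limited_html($s), PHP_EOL, PHP_EOL;
}
```

Run it from the command line and compare the two output lines for each input: the first sample shows whether the event-handler attribute survives, and the third shows whether text after an unclosed tag is lost.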


Answer 2

Depending on what you mean by “insecure”, if you’re talking about whether it will cut tags – yes it will. Is it the solution to all security problems, etc. – no…
Actually, how can it be unsafe then?