PHP允许img和锚点-但排除其他标签
[英]PHP allow img and anchors - but exclude other tags
问题描述
I have a textarea where my users need to be allowed to post links, mail and images. 
我有一个textarea,需要允许我的用户发布链接,邮件和图像。
function autolink($message)
{
$text = " " . $message;
$text = preg_replace("#([\n ])([a-z]+?)://([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)#i", "\\1<a href=\"\\2://\\3\" target=\"_blank\" class=\"link\">\\2://\\3</a>", $text);
$text = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]*)?)#i", "\\1<a href=\"http://www.\\2.\\3\\4\" target=\"_blank\" class=\"link\">www.\\2.\\3\\4</a>", $text);
$text = preg_replace("#([\n ])([a-z0-9\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)?[\w]+)#i", "\\1<a href=\"mailto:\\2@\\3\" class=\"link\">\\2@\\3</a>", $text);
$text = substr($text, 1);
return($text);
}
This function works like a charm, but if I want to add a line who replaces img src - it wont work anymore. 此功能的工作原理很吸引人,但是如果我要添加一行替换img src的行,它将不再起作用。
$text = preg_replace('#<img.+?src="([^"]*)".*?/?>#i', '<a href="$1">$0</a>', $text);
The above works very well, but now it wont replace anchors and mails as links. 上面的方法效果很好,但是现在它不会替换锚和邮件作为链接。
I've searched this forum and found a might-work answer, it includes the php function strip_tags(); 我搜索了这个论坛,找到了一个可能可行的答案,其中包括php函数strip_tags();。
$allowed = "<img><a>";
$formatted = strip_tags($_POST['usercomment'], $allowed );
What is the most secure (and right) solution to this? 最安全(正确)的解决方案是什么? I've read about some DOM and that regulair expressions isn't right for this job, but I really need som help with this. 我已经读过一些DOM,但是regulair表达式并不适合这项工作,但是我确实需要som帮助。 Without the line with img tag, my function works very well when a user post a link ( http://example.com ) and this becomes clickable. 如果没有带img标签的行,当用户发布链接( http://example.com )时,我的功能会很好用,并且可以单击。
Excuse me for my poor english and way of description, this is my first post inhere. 对不起,我的英语不好,而且描述方式不好,这是我在这里的第一篇文章。
1 个解决方案
解决方案1
0 2014-01-27 17:43:27
Why not just strip out everything, and make your users use bbcode, I just wrote this function to do something similar. 为什么不删除所有内容,并让您的用户使用bbcode,我只是编写了此函数以执行类似的操作。
function html2txt($document){
`$search = array('@<script[^>]*?>.*?</script>@si', // Strip out javascript
'@<[\/\!]*?[^<>]*?>@si', // Strip out HTML tags
'@<style[^>]*?>.*?</style>@siU', // Strip style tags properly
'@<![\s\S]*?--[ \t\n\r]*>@', // Strip multi-line comments including CDATA
'@EMBED@siU',
'@SRC@siU',
'@allowScriptAccess@siU',
'@allownetworking@siU',
'/<.*?>/'
);
$text = preg_replace($search, '', $document);
return $text;
}
function display_bbcode($string){
$search =
array(
'~\[url(?|=[\'"]?+([^]"\']++)[\'"]?+]([^[]++)|](([^[]++)))\[/url]~', // URL
'/\[b\](.*?)\[\/b\]/ms', // Bold
'/\[i\](.*?)\[\/i\]/ms', // Italic
'/\[u\](.*?)\[\/u\]/ms', // Underline
'/\[img\](.*?)\[\/img\]/ms', //IMG
'/\[size\="?(.*?)"?\](.*?)\[\/size\]/ms', //Font Size
'/\[color\="?(.*?)"?\](.*?)\[\/color\]/ms', // Color
'/\[quote](.*?)\[\/quote\]/ms', //Quote
'/\[list\=(.*?)\](.*?)\[\/list\]/ms', //List
'/\[list\](.*?)\[\/list\]/ms', // Default List
'/\[\*\]\s?(.*?)\n/ms'
);
$replace =
array(
'<a href="$1">$2</a>', // URL
'<strong>\1</strong>', // Bold
'<em>\1</em>', // Italic
'<u>\1</u>', // Underline
'<img src="\1" alt="\1" height=\'200px\' width=\'200px\'/>', //Image, Auto Re-size
'<font size="\1%">\2</font>',// Font Size
'<font color="\1">\2</font>', // Font Color
'<blockquote>\1</blockquote>', //Qoute
'<ol start="\1">\2</ol>', // Some List Style?
'<li>\1</li>',//Default List Style
'<li>\1</li>'
);
$text = preg_replace($search, $replace, $string);
return $text;
}
Then just call your functions: 然后只需调用您的函数:
When user posts content: strip_tags(html2txt($input)); 当用户发布内容时: strip_tags(html2txt($input));
When displaying the Content: display_bbcode($output); 显示内容时: display_bbcode($output);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.