[英]PHP strip_tags(): Strip all but images from a certain domain?
I would like to know if it is possible to strip ALL tags from a form the user has submitted, apart from tags from a certain domain. 我想知道是否有可能从用户提交的表单中剥离所有标签,以及来自某个域的标签。
I have a form which is mostly an "About Me" field where the user can share some information about himself/herself. 我的表单主要是“关于我”字段,用户可以在其中共享一些有关他/她自己的信息。 I am currently stripping and securing the data for a MySQL insert using this:
我目前正在使用以下方法剥离并保护MySQL插入的数据:
$data = trim(htmlentities(strip_tags((string)$_POST['f_ab_me'])));
$data = mysqli_real_escape_string($db, $data);
Now I know strip_tags allows the possibility of allowing specific tags by using: 现在我知道strip_tags允许通过使用以下方式允许特定标签:
strip_tags($data, 'img');
But can I somehow tell it to NOT remove IMG tags that have the attribute "source" from " http://i.imgur.com/ ....." for example? 但是,我能否以某种方式告诉它不要从“ http://i.imgur.com/ .....”中删除具有属性“ source”的IMG标签?
I do not want to allow the user to upload pictures on my server since I do not want to have to use that much bandwidth, but I would like to give them the option to still add images from imgur.com (which strips EXIF information automatically). 我不想允许用户在服务器上上传图片,因为我不想使用那么多的带宽,但是我想给他们选择仍然从imgur.com添加图片的选项(该图片会自动删除EXIF信息) )。 What I also do not what to do is have a ton of input-boxes where the user can enter a link in each one, that just wouldn't look very nice in my opinion.
我也不怎么做,就是有很多输入框,用户可以在其中输入一个链接,在我看来,这看起来并不好。
This is why i am asking if it is possible to somehow control it programmatically, maybe with a regular expression? 这就是为什么我问是否有可能以某种方式以编程方式控制它,也许使用正则表达式?
Thank you very much for your time. 非常感谢您的宝贵时间。
Actually, using strip_tags
function is not a right way, cause if your user wanna write anything that looks like HTML you just cut it off. 实际上,使用
strip_tags
函数不是正确的方法,因为如果您的用户想要编写任何看起来像HTML的内容,就将其切断。 Not so friendly, huh? 不太友好吧? :)
:)
Using htmlentities
would be enough to avoid HTML injections in user-entered content. 使用
htmlentities
足以避免在用户输入的内容中注入HTML。
As of your question you can do next: 关于您的问题,您可以执行以下操作:
i.imgur.com/*
images to something like [IMG=*]
i.imgur.com/*
图像替换为[IMG=*]
htmlentities
to user content. htmlentities
应用于用户内容。 [IMG=*]
code back to img
tag. [IMG=*]
代码转回img
标签。 I'm not very familiar with Regexp but there is working pattern I wrote: 我对Regexp不太熟悉,但是我写了一种工作模式:
echo preg_replace("#<img (.*?)src=(\"|\')http(s)?://i.imgur.com(.*?)(\"|\')#U", "[IMG=http://i.imgur.com$4]", $content);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.