[英]Link inside text in HTML purify
I have a link inside text: 我在文字内有一个链接:
$va="Some text http://www.stackoverflow.com?var=1&var2=2 more text"
When purify with this: 用此进行净化时:
$config = HTMLPurifier_Config::createDefault();
$config->set('URI.MakeAbsolute', false);
$config->set('HTML.SafeObject', true);
$config->set('Output.FlashCompat', true);
$config->set('URI.AllowedSchemes',
array (
'http' => true,
'https' => true,
'mailto' => true
));
$def = $config->getHTMLDefinition(true);
$def->addAttribute('a', 'target', 'Enum#_blank,_self,_target,_top');
$def->addAttribute('a', 'data-width', 'Text');
$def->addAttribute('a', 'data-height', 'Text');
$def->addAttribute('a', 'id', 'Text');
$def->addAttribute('a', 'name', 'Text');
$purifier = new HTMLPurifier($config);
$va = $purifier->purify($va);
Purify replace character & of the link for < how can i prevent this? 清除<链接的替换字符&,<如何防止这种情况?
When I run your code, I get the desired result: 当我运行您的代码时,我得到了预期的结果:
<?php
ini_set('display_errors', TRUE);
error_reporting(E_ALL);
include_once 'library/HTMLPurifier.auto.php';
$raw = 'Some text http://www.stackoverflow.com?var=1&var2=2 more text';
$config = HTMLPurifier_Config::createDefault();
$config->set('URI.MakeAbsolute', false);
$config->set('HTML.SafeObject', true);
$config->set('Output.FlashCompat', true);
$config->set('URI.AllowedSchemes',
array (
'http' => true,
'https' => true,
'mailto' => true
));
$def = $config->getHTMLDefinition(true);
$def->addAttribute('a', 'target', 'Enum#_blank,_self,_target,_top');
$def->addAttribute('a', 'data-width', 'Text');
$def->addAttribute('a', 'data-height', 'Text');
$def->addAttribute('a', 'id', 'Text');
$def->addAttribute('a', 'name', 'Text');
$purifier = new HTMLPurifier($config);
echo $purifier->purify($raw);
I get 我懂了
Some text http://www.stackoverflow.com?var=1&var2=2 more text
Notice that the ampersand has been properly escaped. 请注意,&符号已被正确转义。 It must be a bug elsewhere in your code.
它必须是代码中其他位置的错误。
I didn't work with this library, but it's curious to me that you make a definition for the link ($def) and never set it on purifier. 我没有使用此库,但令我感到奇怪的是,您为链接($ def)定义了一个定义,并且从未在purifier上进行设置。
Whitelisting the "<" character is not the right solution from my point of view. 从我的角度来看,将“ <”字符列入白名单不是正确的解决方案。 It should be handled by purifier if its configured in the right way.
如果净化器配置正确,则应由净化器处理。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.