为 HTML 输入自定义验证
[英]Customize validation for HTML input
问题描述
I want to allow same HTML tags like <img> <strong> <p> to be usable by site users, but how to check misusing these tags, such as unclosed <p> that can match by a closing </p> in site theme and make page corrupted?
我想允许站点用户可以使用相同的 HTML 标签,例如<img> <strong> <p> ,但是如何检查滥用这些标签,例如可以通过站点中的关闭</p>匹配的未关闭<p> p>主题并使页面损坏? also, I make shorten long posts for showing on index page that can make broken tags too.另外,我会缩短长帖子以显示在索引页面上,这也可能导致标签损坏。
Laravel has a csrf-token tag for preventing cross-site scripts, but doesn't seem to check things i said. Laravel 有一个csrf-token标签用于防止跨站点脚本,但似乎没有检查我所说的内容。
1 个解决方案
解决方案1
1 已采纳 2019-09-26 08:14:56
I don't know the laravelish way for this issue, but you could write your own validation function using regular expressions.我不知道这个问题的 laravelish 方式,但您可以使用正则表达式编写自己的验证 function。 Here's a demo for p tags:这是p标签的演示:
// Html code here
$html = 'here';
// Strip newlines so we won't need multilines modifiers
$html = str_replace("\r\n", "", $html);
// Strip correct <p>...</p> tags and their content from html data
$html = preg_replace("@<p>.*?</p>@", "", $html);
// Check if any <p> tag remains in data. If so, it means a tag has been unenclosed/enclosed incorrectly
$s[0] = strpos($html, '<p>');
$s[1] = strpos($html, '</p>');
if($s[0] !== false || $s[1] !== false)
echo "Syntax error in HTML code";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.