[英]Safe methods to print database stored wysiwyg html content
I've built a blog CMS in PHP for my company's website. 我已经在我公司的网站上用PHP构建了一个博客CMS。 When one of our staff members writes a blog article in the admin area, it saves raw HTML to the MySQL database.
当我们的一名工作人员在管理区域中写博客文章时,它会将原始HTML保存到MySQL数据库中。
Example: 例:
<p>Some example text written by my staff stored in the database</p>
On the page where I print the article to screen, in PHP, what is the safest method to print the HTML that would help prevent XSS or other nasties? 在我打印文章到屏幕的页面上,在PHP中,打印HTML的最安全方法是什么,这有助于防止XSS或其他恶意软件? Obviously, I still need the HTML tags for it to display in the same way the user wrote it.
显然,我仍然需要HTML标签,以便用户以相同的方式显示它。
I did try htmlspecialchars()
but that printed the tags instead of using them. 我确实尝试过
htmlspecialchars()
但打印标签而不是使用它们。
你可以使用这个库: http : //htmlpurifier.org/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.