Sterilizing javascript in <a onclick=“sth” href =“”> in user input
Question
From the user submitted post there are things like
<a onclick="sth()" href ="legitlink.html">some content</a>
I would like to preserve the link so that the link can still be display, but the javascript part should be sterilized
<a href="legitlink.html">some content</a>
How can this be done in php? Is there some extensions or frameworks that handle these kind of work automatically?
1 answers
solution1
1 ACCPTED 2014-02-22 15:43:02
Don't try to make this by yourself - I bet you forgot some malicious code parts. There are testet libraries, which do a great job. Ie have a look at HTML Purifier
require_once '/path/to/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);
$clean_html = $purifier->purify($dirty_html);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Change href of <a> tag to <input> tag onClick with JavaScript
A href onclick append to input
JavaScript onClick href
a href combi with javascript onClick
Javascript every href onclick
JavaScript get href onclick
JavaScript onclick change href
Javascript to Replace HREF with ONCLICK
href onclick javascript right click
How to append character to input field one by one instead of using sth.value() = sth in javascript?
Related Tags