In user-submitted posts there are things like:
<a onclick="sth()" href ="legitlink.html">some content</a>
I would like to preserve the link so that it can still be displayed, but the JavaScript part should be sterilized:
<a href="legitlink.html">some content</a>
How can this be done in PHP? Are there any extensions or frameworks that handle this kind of work automatically?
Don't try to make this by yourself - I bet you forgot some malicious code parts. There are tested libraries which do a great job. I.e. have a look at HTML Purifier:
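// Load the library's autoloader (adjust the path to your installation)
require_once '/path/to/HTMLPurifier.auto.php';
// Start from the default configuration
$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);
// $dirty_html holds the untrusted markup from the user's post
$clean_html = $purifier->purify($dirty_html);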
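A tightened configuration for the case in the question, as an added example that is not part of the original answer: it restricts output to an explicit allowlist in which `a` may carry only `href`, and limits link schemes. The install path, the chosen tag list, the helper name `build_post_purifier` and the sample input are assumptions.

```php
<?php
// Added example, not from the original answer. The path, the allowlist and
// the sample input are assumptions; adjust them to your application.
require_once '/path/to/HTMLPurifier.auto.php';

// Hypothetical helper that builds a purifier for user-submitted posts.
function build_post_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();

    // Allowlist of elements and attributes. Event-handler attributes such as
    // onclick are not listed, so they are removed from the output.
    $config->set('HTML.Allowed', 'p,br,b,strong,i,em,ul,ol,li,a[href]');

    // Keep only links whose scheme is on this list, so javascript: and data:
    // URIs in href are dropped. Relative links such as legitlink.html stay.
    $config->set('URI.AllowedSchemes', [
        'http'   => true,
        'https'  => true,
        'mailto' => true,
    ]);

    // Add rel="nofollow" to links in user-submitted content.
    $config->set('HTML.Nofollow', true);

    // HTML Purifier caches its definitions on disk; the directory must be
    // writable by the PHP process.
    $config->set('Cache.SerializerPath', sys_get_temp_dir());

    return new HTMLPurifier($config);
}

// Constructed sample input covering the question's case and close variants.
$dirty_html = <<<'HTML'
<p onmouseover="sth()">Hello</p>
<a onclick="sth()" href="legitlink.html">some content</a>
<a href="javascript:sth()">another link</a>
<script>sth()</script>
HTML;

$purifier   = build_post_purifier();
$clean_html = $purifier->purify($dirty_html);

// purify() returns markup intended for an HTML body context; output it as is
// there, and still escape separately for attribute, JS or SQL contexts.
echo $clean_html, PHP_EOL;
```

Purify on input and store the cleaned markup, or purify on output with the serializer cache enabled, since building the definition on every request is slow.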