
htmlentities displaying html safely

I have data that is coming in from an RSS feed. I want to be safe and use htmlentities, but then again, if I use it and there is HTML code in there, the page is full of code and content. I don't mind the formatting the RSS offers and would be glad to use it as long as I can display it safely. I'm after the content of the feed but also want it to format decently too (if there is a break tag or paragraph or div). Anyone know a way?

Do you want to protect from XSS in the feed? If so, you'll need an HTML sanitizer to run on the HTML prior to displaying it:

  1. HTMLSanitizer
  2. HTMLPurifier

If you just want to escape whatever is there, just call htmlspecialchars() on it. But any HTML will appear as escaped text...

You can use the strip_tags function and specify the allowed tags in there:

echo strip_tags($content, '<p><a>');

This way any tag not specified in allowed tags will be removed.
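An added example, not part of any answer above: strip_tags() filters tag names only and leaves the attributes of allowed tags in place, so event-handler attributes and non-HTTP link schemes pass through it. The sketch below keeps the formatting tags the question mentions and drops every attribute except an absolute http(s) href; sanitize_feed_html() and ALLOWED_TAGS are names invented for this example, and the feed item is constructed.

```php
<?php
// Added example, not code from the thread. sanitize_feed_html() and
// ALLOWED_TAGS are names invented here; uses only PHP's bundled DOM extension.
const ALLOWED_TAGS = ['p', 'br', 'div', 'a'];
function sanitize_feed_html(string $html): string
{
    libxml_use_internal_errors(true);            // feed HTML is rarely well-formed
    $doc = new DOMDocument();
    // The XML declaration prefix makes libxml treat the input as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html, LIBXML_NONET);
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) return '';
    // Snapshot the live node list, because the loop mutates the tree.
    foreach (iterator_to_array($body->getElementsByTagName('*'), false) as $el) {
        $tag = strtolower($el->nodeName);
        if ($tag === 'script' || $tag === 'style') {
            $el->parentNode->removeChild($el);   // drop element and its content
            continue;
        }
        if (!in_array($tag, ALLOWED_TAGS, true)) {
            while ($el->firstChild) {            // unwrap: keep children, drop tag
                $el->parentNode->insertBefore($el->firstChild, $el);
            }
            $el->parentNode->removeChild($el);
            continue;
        }
        foreach (iterator_to_array($el->attributes, false) as $attr) {
            // Only <a href> with an absolute http(s) URL survives.
            $keep = $tag === 'a' && $attr->nodeName === 'href'
                && preg_match('#^https?://#i', $attr->nodeValue) === 1;
            if (!$keep) {
                $el->removeAttribute($attr->nodeName);
            }
        }
    }
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input standing in for a feed item's description.
$item = '<p onmouseover="alert(1)">News</p><a href="javascript:alert(1)">more</a>'
      . '<a href="https://example.com/post">read</a><script>alert(1)</script>';
echo strip_tags($item, '<p><a>'), "\n";   // tags filtered, attributes untouched
echo sanitize_feed_html($item), "\n";     // tags and attributes filtered
```

For production use, a maintained sanitizer such as the HTMLPurifier library named in the first answer covers far more parsing edge cases than this sketch.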

You can convert the HTML to Markdown and then convert it back again using various libraries.
