stackoom
  简体   繁体   中英

PHP ent_quotes exception for <br> and <ar>

 原文  2012-05-01 11:07:00       php/ html-entities

Question

i am trying to covert HTML to entities using PHP, but i need to except <br> and <a> tags.

here's an example of my code 

 <?php 
  $string[0] = "<a href='http://hidd3n.tk'>Needs to stay</a> Filler text in between 
 <br><br> <script src='http://malicious.com/'></script> NEEDS to go";
  $string[1] = htmlentities($string[0], ENT_QUOTES, "UTF-8");
 ?>

2 answers

solution1
 3  2012-05-01 11:54:00

我建议您使用BBCode ,这样会更安全。

solution2
 -3  2012-05-01 11:35:36

EDIT:

Okay i have worked out a way.

Take this function rather safe than previous one: 

function convert_myhtml_entities($string){
    $string = htmlentities($string, ENT_NOQUOTES, "UTF-8");
    $string = preg_replace('/&lt;\s*br\s*(\/|)\s*&gt;/U','<br$1>',$string);
    $string = preg_replace('/&lt;\s*a(.*)\s*&gt;/U','<a$1>',$string);
    $string = preg_replace('/&lt;\s*\/\s*a\s*&gt;/U','</a>',$string);
    return $string;
}

now it is the tested with the string above.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PHP line break br with ENT_QUOTES htmlspecialchars & ENT_QUOTES not working? How to set ENT_QUOTES flag by default for htmlentities() function in php Applying htmlentities ENT_QUOTES on array Should I use ENT_QUOTES with htmlspecialchars or not What does htmlentities with ENT_QUOTES and UTF-8 do? when using htmlspecialchars to escape double-quotes, why is ENT_QUOTES required when using ENT_SUBSTITUTE? Can I use htmlspecialchars($email, ENT_QUOTES, 'UTF-8') instead of filter_sanitize_email() Br tag in PHP and HTML - why we need quotes PHP XSLT transforming BR tag into <br></br>
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM