
How to output raw HTML in CakePHP 2.2?

I have this property which is HTML saved from a TinyMCE editor:

<?php echo h($person['Person']['CurriculumVitae']); ?>

How can I have it displayed on the web and rendered as RAW Html not a simple string?

Don't wrap the variable in h(), which is an alias for htmlspecialchars() and escapes HTML entities:

<?php echo $person['Person']['CurriculumVitae']; ?>

Just to remove the h() might solve your issue but it will open possible security holes because the field that keeps the html from TinyMCE will now become a possible security hole.

I had the exact same issue and solved it by using http://htmlpurifier.org/ for the output of tinymce HTML. I've written also a CakePHP plugin around it. https://github.com/burzum/HtmlPurifier

HtmlPurifier will allow you to configure an allowed set of Html elements and even of its attributes. So you could for example specify that href is allowed but class is not.

You'll need to create a config for HtmlPurifier that will match whatever you allow your users to do with TinyMce. It will remove all non-allowed tags and attributes from the markup the user has entered.
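An allowlist configuration of the kind described in the answer above, as an added example that is not part of the original answers or of the burzum/HtmlPurifier plugin. It assumes HTML Purifier is installed through Composer; the function names `cv_purifier` and `clean_cv`, the element list and the sample markup are constructed for illustration.

```php
<?php
// Added example: assumes HTML Purifier was installed with Composer
// (package ezyang/htmlpurifier) so the autoloader below exists.
require_once __DIR__ . '/vendor/autoload.php';

// Hypothetical helper: builds one purifier and reuses it for the request.
function cv_purifier()
{
    static $purifier = null;
    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();

        // Allowlist of elements and attributes. Anything not named here is
        // removed. href is allowed on <a>; class is not listed for any
        // element, so it is stripped everywhere. Match this list to the
        // buttons enabled in your TinyMCE toolbar.
        $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,a[href]');

        // Restrict link targets to these URI schemes; other schemes,
        // such as javascript:, are dropped from href.
        $config->set('URI.AllowedSchemes', array(
            'http'   => true,
            'https'  => true,
            'mailto' => true,
        ));

        // Definition cache must be writable; the temp directory is an assumption.
        $config->set('Cache.SerializerPath', sys_get_temp_dir());

        $purifier = new HTMLPurifier($config);
    }
    return $purifier;
}

// Hypothetical helper: sanitize editor HTML before echoing it without h().
function clean_cv($html)
{
    return cv_purifier()->purify($html);
}

// Constructed sample input standing in for the stored CurriculumVitae field.
$dirty = '<p class="intro" onclick="alert(1)">Experience</p>'
       . '<a href="javascript:alert(1)" class="btn">profile</a>'
       . '<a href="https://example.com/cv">CV</a>'
       . '<script>alert(1)</script>';

// In a CakePHP view: echo clean_cv($person['Person']['CurriculumVitae']);
echo clean_cv($dirty), "\n";
```

Purifying on output, as here, means a later tightening of the allowlist also applies to markup that was stored before the change.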
