[英]php htmlentities tags exceptions leave working only certains
我沒有問題,可以使用此正常工作的代碼來禁止所有HTML標記:
while($row = $result->fetch_array()){
echo "<span class='names'>".htmlentities($row['username'])."</span>:<span class='messages'>".htmlentities($row['msg'])."</span><br>";
}
但是,如果我想允許某些標簽例外怎么辦?
我想要的結果是禁用除<p><b><h2>
之外的任何標簽
示例:(允許<b>
和不允許<div>
)
<b>sometext</b><div>sometext</div>
預期結果:
sometext <div>sometext</div>
見圖片:
這里是您的結果:
請注意在底部設置允許使用的標簽:
function strip_html_tags( $text )
{
$text = preg_replace(
array(
// Remove invisible content
'@<b[^>]*?>.*?</b>@siu', // HERE IS YOUR DISSALOW TAG WITH CONTENT
'@<head[^>]*?>.*?</head>@siu',
'@<style[^>]*?>.*?</style>@siu',
'@<script[^>]*?.*?</script>@siu',
'@<object[^>]*?.*?</object>@siu',
'@<embed[^>]*?.*?</embed>@siu',
'@<applet[^>]*?.*?</applet>@siu',
'@<noframes[^>]*?.*?</noframes>@siu',
'@<noscript[^>]*?.*?</noscript>@siu',
'@<noembed[^>]*?.*?</noembed>@siu',
// Add line breaks before and after blocks
'@</?((address)|(blockquote)|(center)|(del))@iu',
'@</?((h[1-9])|(ins)|(isindex)|(p)|(pre))@iu',
'@</?((dir)|(dl)|(dt)|(dd)|(li)|(menu)|(ol)|(ul))@iu',
'@</?((table)|(th)|(td)|(caption))@iu',
'@</?((form)|(button)|(fieldset)|(legend)|(input))@iu',
'@</?((label)|(select)|(optgroup)|(option)|(textarea))@iu',
'@</?((frameset)|(frame)|(iframe))@iu',
),
array(
"\$0", // RETURNED STATEMENT
' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ',
"\$0", "\$0", "\$0", "\$0", "\$0", "\$0",
"\$0", "\$0",
),
$text );
$to_strip = strip_tags( $text, '<b>' ); // STRIP YOUR BOLD TAGS
// add here to another + add content on above '@<b[^>]*?>.*?</b>@siu', and returns "\$0" on arrays
return $to_strip;
}
$e = '<b>from_bold_text</b><div>from_div_text</div>';
echo strip_html_tags($e);
結果:
from_bold_text<div>from_div_text</div>
shell:~$ php ar.php <b>sometext</b>sometext shell:~$ cat ar.php <?php $t ="<b>sometext</b><div>sometext</div>"; $text = htmlentities($t, ENT_QUOTES, "UTF-8"); $text = htmlspecialchars_decode($text); $text = strip_tags($text, "<p><b><h2>"); echo $text; shell:~$ php ar.php <b>sometext</b>sometext
注意:strip_tags不會刪除其中的值,只會刪除標簽。
$ text ='
sometext sometext';
$ text2 = strip_tags($ text,'
');
var_dump($ text2);
//它將顯示允許的標簽和值。
要刪除其中的一個值,請使用regex或另一個具有CONTENT ON MANUAL的功能:
<?php function strip_tags_content($text, $tags = '', $invert = FALSE) { preg_match_all('/<(.+?)[\\s]*\\/?[\\s]*>/si', trim($tags), $tags); $tags = array_unique($tags[1]); if(is_array($tags) AND count($tags) > 0) { if($invert == FALSE) { return preg_replace('@<(?!(?:'. implode('|', $tags) .')\\b)(\\w+)\\b.*?>.*?</\\1>@si', '', $text); } else { return preg_replace('@<('. implode('|', $tags) .')\\b.*?>.*?</\\1>@si', '', $text); } } elseif($invert == FALSE) { return preg_replace('@<(\\w+)\\b.*?>.*?</\\1>@si', '', $text); } return $text; } ?> Sample text: $text = '<b>sample</b> text with <div>tags</div>'; Result for strip_tags($text): sample text with tags Result for strip_tags_content($text): text with Result for strip_tags_content($text, '<b>'): <b>sample</b> text with Result for strip_tags_content($text, '<b>', TRUE); text with <div>tags</div>
您的期望:
$text = '<b>sometext_from_bold</b><div>sometext_from_div</div>';
//這里是函數函數strip_tags_content($ text,$ tags ='',$ invert = FALSE){....}
//您的結果
echo strip_tags_content($text, '<b>', FALSE);
結果:
<b>sometext_from_bold</b>
這段代碼完成了工作,使用DOMDocument
解析了HTML代碼。 似乎比正則表達式更可靠(如果用戶在禁止標記中插入屬性會發生什么?可能包含<>
嗎?),尤其是在閱讀了此問題之后 ; 它需要更多的工作,但不一定更快。
<?
$allowed = ['strong']; // your allowed tags
$text = "<div>\n" .
" <div style=\"color: #F00;\">\n" .
" Your <strong>User Text</strong> with DIVs.\n".
" </div>\n" .
" more <strong>text</strong>\n" .
"</div>\n";
echo selective_escape($text, $allowed);
/* outputs:
<div>
<div style="color: #F00;">
Your <strong>User Text</strong> with DIVs.
</div>
more <strong>text</strong>
</div>
*/
/** Escapes HTML entities everywhere but in the allowed tags.
*/
function selective_escape($text, $allowed_tags) {
$doc = new DOMDocument();
/* DOMDocument normalizes the document structure when loading,
adding a bunch of <p> around text where needed. We don't need
this as we're working only on small pieces of HTML.
So we pretend this is a piece of XML code.
*/
// $doc->loadHTML($text);
$doc->loadXML("<?xml version=\"1.0\"?><body>" . $text . "</body>\n");
// find the body
$body = $doc->getElementsByTagName("body")->item(0);
// do stuff
$child = $body->firstChild;
while ($child != NULL) {
$child = selective_escape_node($child, $allowed_tags);
}
// output the innerHTML. need to loop again
$retval = "";
$child = $body->firstChild;
while ($child != NULL) {
$retval .= $doc->saveHTML($child);
$child = $child->nextSibling;
}
return $retval;
}
/** Escapes HTML for tags that are not in $allowed_tags for a DOM tree.
* @returns the next sibling to process, or NULL if we reached the last child.
*
* The function replaced a forbidden tag with two text nodes wrapping the
* children of the old node.
*/
function selective_escape_node($node, $allowed_tags) {
// preprocess children
if ($node->hasChildNodes()) {
$child = $node->firstChild;
while ($child != NULL) {
$child = selective_escape_node($child, $allowed_tags);
}
}
// check if there is anything to do on $node as well
if ($node->nodeType == XML_ELEMENT_NODE) {
if (!in_array($node->nodeName, $allowed_tags)) {
// move children right before $node
$firstChild = NULL;
while ($node->hasChildNodes()) {
$child = $node->firstChild;
if ($firstChild == NULL) $firstChild = $child;
$node->removeChild($child);
$node->parentNode->insertBefore($child, $node);
}
// now $node has no children.
$outer_html = $node->ownerDocument->saveHTML($node);
// two cases. either ends in "/>", or in "</TAGNAME>".
if (substr($outer_html, -2) === "/>") {
// strip off "/>"
$outer_html = substr($outer_html, 0, strlen($outer_html) - 2);
} else {
// find the closing tag
$close_tag = strpos($outer_html, "></" . $node->nodeName . ">");
if ($close_tag === false) {
// uh-oh. something wrong
return NULL;
} else {
// strip "></TAGNAME>"
$outer_html = substr($outer_html, 0, $close_tag);
}
}
// put a textnode before the first child
$txt1 = $node->ownerDocument->createTextNode($outer_html . ">");
// and another before $node
$txt2 = $node->ownerDocument->createTextNode("</" . $node->nodeName . ">");
// note that createTextNode automatically escapes "<>".
$node->parentNode->insertBefore($txt1, $firstChild);
$node->parentNode->insertBefore($txt2, $node);
// pick the next node to process
$next = $node->nextSibling;
// remove node
$node->parentNode->removeChild($node);
return $next;
}
}
// go to next sibling
return $node->nextSibling;
}
?>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.