PHP-HTML Purifier-你好w< rl”/世界教程带标签 [英] PHP - HTML Purifier - hello w<o>rld/world tutorial striptags
问题描述
我只是在研究使用HTML Purifier来确保清除用户输入的字符串(代表一个人的名字).
I am just looking into using HTML Purifier to ensure that a user-inputed string (that represents the name of a person) is sanitized.
我不想允许任何html标签,脚本,标记等-我只想要字母,数字和普通标点符号.
I do not want to allow any html tags, script, markup etc - I just want the alpha, numeric and normal punctuation characters.
HTML Purifier可用的选项数量之多令人望而生畏,据我所知,文档似乎没有开头/中间或结尾
The sheer number of options available for HTML Purifier is daunting and, as far as i can see, the docs do not seem to have a beggining/middle or end
请参阅: http://htmlpurifier.org/docs
是否有一个简单的HTML净化器在线问候世界教程,显示了如何清理字符串以清除其中的所有不良内容.
我也在考虑仅使用剥离标签:
I am also considering just using strip tags:
或PHP的内置数据清理
or PHP's in built data sanitizing
推荐答案
我一直在使用HTMLPurifier清理RTF编辑器的输出,最后得到:
I've been using HTMLPurifier for sanitizing the output of a rich text editor, and ended up with:
include_once('htmlpurifier/library/HTMLPurifier.auto.php');
$config = HTMLPurifier_Config::createDefault();
$config->set('Core', 'Encoding', 'UTF-8');
$config->set('HTML', 'Doctype', 'HTML 4.01 Transitional');
if (defined('PURIFIER_CACHE')) {
$config->set('Cache', 'SerializerPath', PURIFIER_CACHE);
} else {
# Disable the cache entirely
$config->set('Cache', 'DefinitionImpl', null);
}
# Help out the Purifier a bit, until it develops this functionality
while (($cleaner = preg_replace('!<(em|strong)>(\s*)</\1>!', '$2', $input)) != $input) {
$input = $cleaner;
}
$filter = new HTMLPurifier($config);
$output = $filter->purify($input);
主要景点:
- 包括自动装带器.
- 将
HTMLPurifier_Config
的实例创建为$config
. - 根据需要使用
$config->set()
设置配置设置. - 创建
HTMLPurifier
的实例,并将其传递给$config
. - 在输入中使用
$filter->purify()
.
- Include the autoloader.
- Create an instance of
HTMLPurifier_Config
as$config
. - Set configuration settings as needed, with
$config->set()
. - Create an instance of
HTMLPurifier
, passing$config
to it. - Use
$filter->purify()
on your input.
但是,对于不需要在输出中允许任何HTML的内容来说,这完全是过分的了.
However, it's entirely overkill for something that doesn't need to allow any HTML in the output.
这篇关于PHP-HTML Purifier-你好w< rl”/世界教程带标签的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!