How can I escape all code within <code></code> tags to allow people to post code?


Question

What I want to do is to allow users to post code if they need to, so it is viewable and it doesn't render. For example:

<span>
<div id="hkhsdfhu"></div>
</span>
<h1>Hello</h1>

Should become:

&lt;span&gt;
&lt;div id="hkhsdfhu"&gt;&lt;/div&gt;
&lt;/span&gt;
&lt;h1&gt;Hello&lt;/h1&gt;

Only if it is wrapped in <code></code> tags. Right now I am using the following function to allow only certain HTML tags and escape any other tags:

function allowedHtml($str) {
$allowed_tags = array("b", "strong", "i", "em");
$sans_tags = str_replace(array("<", ">"), array("&lt;","&gt;"), $str);
$regex = sprintf("~&lt;(/)?(%s)&gt;~", implode("|",$allowed_tags));
$with_allowed = preg_replace($regex, "<\\1\\2>", $sans_tags);
return $with_allowed;
}

However, if a user wraps their code in <code></code> tags and it contains any of the allowed tags in my function above, those tags will render instead of being escaped. How can I make it where anything in <code></code> tags gets escaped (or just the < and > turned into &lt; and &gt;)? I know about htmlentities() but I don't want to do that to the whole post, only stuff inside <code></code> tags.

Thanks in advance!

Recommended answer

Just use a single preg_replace() function with the e modifier to execute an htmlentities() function on everything it finds within <code> tags.

EDITED

function allowedHtml($str) {
  $str = htmlentities($str, ENT_QUOTES, "UTF-8");
  $allowed_tags = array("b", "strong", "i", "em", "code");
  foreach ($allowed_tags as $tag) {
    $str = preg_replace("#&lt;" . $tag . "&gt;(.*?)&lt;/" . $tag . "&gt;#i", "<" . $tag . ">$1</" . $tag . ">", $str);
  }
  return $str;
}

$reply = allowedHtml($_POST['reply']);
$reply = preg_replace("#\<code\>(.+?)\</code\>#e", "'<code>'.htmlentities('$1', ENT_QUOTES, 'UTF-8').'</code>'", $reply);
$reply = str_replace("&amp;", "&", $reply);

Rewrote your allowedHtml() function and added a str_replace() at the end.

It's tested and should now work perfectly :)

UPDATE - NEW SOLUTION

function convertHtml($reply, $revert = false) {
  $specials = array("**", "*", "_", "-");
  $tags = array("b", "i", "u", "s");

  foreach ($tags as $key => $tag) {
    $open = "<" . $tag . ">";
    $close = "</" . $tag . ">";

    if ($revert == true) {
      $special = $specials[$key];
      $reply = preg_replace("#" . $open . "(.+?)" . $close . "#i", $special . "$1" . $special, $reply);
    }
    else {
      $special = str_replace("*", "\*", $specials[$key]);
      $reply = preg_replace("#" . $special . "(.+?)" . $special . "#i", $open . "$1" . $close, $reply);
    }
  }

  return $reply;
}

$reply = htmlentities($reply, ENT_QUOTES, "UTF-8");
$reply = convertHtml($reply);

$reply = preg_replace("#[^\S\r\n]{4}(.+?)(?!.+)#i", "<pre><code>$1</code></pre>", $reply);
$reply = preg_replace("#\</code\>\</pre\>(\s*)\<pre\>\<code\>#i", "$1", $reply);

$reply = nl2br($reply);
$reply = preg_replace("#\<pre\>\<code\>(.*?)\</code\>\</pre\>#se", "'<pre><code>'.convertHtml(str_replace('<br />', '', '$1'), true).'</code></pre>'", $reply);

Discussed another solution, and the above code will fix that. It works just like the Stack Overflow html conversion, which means that ** becomes bold, * becomes italic, _ becomes underlined and - is "strikethrough". On top of that, all lines starting with 4 or more spaces will be output as code
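
An added example, not part of the original question or answer: the same goal without the e modifier, which PHP deprecated in 5.5 and removed in 7.0. It escapes the whole post once with htmlspecialchars() and uses preg_replace_callback() to restore only bare allowed tags outside <code> blocks; the name renderPost(), the sample input, and PHP 7.4 or later are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: renderPost() is a hypothetical name, not code from the post.
function renderPost(string $raw, array $allowed = ['b', 'strong', 'i', 'em']): string
{
    // Escape the entire post exactly once. Nothing is un-escaped afterwards
    // except the bare tags matched below.
    $escaped = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // '(?!)' never matches, so an empty allow-list restores no tags at all.
    $tagAlt = $allowed
        ? implode('|', array_map(fn($t) => preg_quote($t, '#'), $allowed))
        : '(?!)';

    // Branch 1: a whole escaped <code>...</code> block (its body stays escaped).
    // Branch 2: one escaped allowed tag, without attributes, outside code.
    // The scan runs left to right, so a code block is consumed as a unit and
    // allowed tags inside it are never seen by branch 2.
    $pattern = '#&lt;code&gt;(.*?)&lt;/code&gt;|&lt;(/?)(' . $tagAlt . ')&gt;#is';

    $html = preg_replace_callback(
        $pattern,
        static function (array $m): string {
            if (isset($m[3])) {
                // Allowed tag: emit it in bare, lower-case form.
                return '<' . $m[2] . strtolower($m[3]) . '>';
            }
            // Code block: re-wrap the already escaped body.
            return '<code>' . $m[1] . '</code>';
        },
        $escaped
    );

    // On a PCRE error fall back to the fully escaped text.
    return $html ?? $escaped;
}

// Constructed sample input, reusing the markup from the question.
$post = '<b>Note:</b> <code><b>x</b> <div id="hkhsdfhu"></div></code> <h1>Hello</h1>';
echo renderPost($post), PHP_EOL;
```

Allowed tags are restored one at a time, so an unclosed <b> outside a code block still reaches the page as an unclosed tag. A tag written with attributes never matches and stays escaped.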
