客户端Javascript代码，用于从CKEditor中删除伪造的HTML [英] Client-side Javascript code to strip bogus HTML from CKEditor

问题描述

我认为这可能与需要Pure / jQuery Javascript解决方案来清理文本区域的Word HTML

但在我的情况下，我我使用CKEditor;但是，在将数据发送到服务器之前（或者在收到数据之后），我想删除垃圾HTML标签和评论，例如从最近（2007年或更高版本）的Microsoft Office粘贴时出现的那些。因为这里的服务器端是第三方应用程序，所以如果可以，我更愿意做这个客户端。是的，我知道这样做的安全风险;这只是为了清理常见用例中的数据。

But in my case I am using CKEditor; however, before sending the data to the server (or after receiving it back) I'd like to strip out "junk" HTML tags and comments such as those that appear when pasting from recent (2007 or later) versions of Microsoft Office. Because the server-side here is a third-party application, I'd prefer to do this client side if I can. Yes, I am aware of the security risks of doing that; this is just meant to sanitize data in common use cases.

是否有任何常用技术或现有库（特别是jQuery友好）可以做到这一点？请注意，我不打算编码或删除所有 HTML，只删除与Office相关的问题。

Are there any common techniques or existing libraries (especially jQuery-friendly) that can do this? Note, I am not looking to encode or strip all HTML, only the Office-related crud.

推荐答案

<你有没有尝试过CKEditor内置的Word清理功能？
它似乎在使用从Word粘贴对话框时自动运行，但也可以从您的代码中使用。
我不是CKEditor API的专家，因此可能有更高效或更正确的方法，但这似乎适用于当前版本（3.3.1）：

Did you try CKEditor built in Word clean up functionality? It seems to be run automatically when using the "Paste From Word" dialog, but can also be used from your code. I'm not an expert on CKEditor API, so there might be a more efficient or correct way of doing this, but this seems to work on the current release (3.3.1):

function cleanUp() {

    if (!CKEDITOR.cleanWord) {
        // since the filter is lazily loaded by the pastefromword plugin we need to add it ourselves. 
        // We use the same function as the callback for when the cleanup filter is loaded. Change the script path to the correct one
        CKEDITOR.scriptLoader.load("../plugins/pastefromword/filter/default.js", cleanUp, null, false, true );
        alert('loading script for the first usage');
    } else { // The cleanWord is available for use

        // change to the correct editor instance
        var editor = CKEDITOR.instances.editor1;
        // perform the clean up
        var cleanedUpData = CKEDITOR.cleanWord(editor .getData(),  editor );

        // do something with the clean up
        alert(cleanedUpData);
    }
}

cleanUp();

如果您对此清理不满意，可以修改default.js以满足您的清理需求。
有一些可用于清理的配置选项，请查看 http：/ /docs.cksource.com/ckeditor_api/symbols/CKEDITOR.config.html （搜索pasteFromWord选项）。

If you're not happy with this clean up you can modify default.js for your clean up needs. There are some configuration options available for the cleanup, check http://docs.cksource.com/ckeditor_api/symbols/CKEDITOR.config.html (search for "pasteFromWord" options).

如果您需要更高级的东西，但这需要服务器访问，我建议您检查WordOff（ http://wordoff.org/ ）。您可能能够围绕其服务构建代理和jsonp包装器，以便您可以在没有安装服务器的情况下从客户端使用它。

If you need something more advanced, but that will require a server access, I suggest you check WordOff (http://wordoff.org/). You might be able to build a proxy and jsonp wrapper around their service so you can use it from the client without a server installation.

这篇关于客户端Javascript代码，用于从CKEditor中删除伪造的HTML的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！