将 eregi_replace 转换为 preg_replace [英] Converting an eregi_replace to a preg_replace
问题描述
我正在尝试解析一些 HTML 片段,并出于各种原因想要清理它们(XSS 等).
我目前正在尝试删除任何标签上的所有属性,但锚点上的 href 除外.我正在使用一系列 eregi_replace 调用来执行此操作,但我确信使用 preg_replace 和仅几行代码可以更智能地执行此操作,但我无法使其正常工作.有人可以帮忙吗?
当前代码:
$data_item = eregi_replace("<p[^>]*>","<p>", $data_item);$data_item = eregi_replace("]*>","", $data_item);$data_item = eregi_replace("]*>","", $data_item);$data_item = eregi_replace("]*>","", $data_item);$data_item = eregi_replace("]*>","", $data_item);$data_item = eregi_replace("]*>","", $data_item);$data_item = eregi_replace("]*>","", $data_item);$data_item = eregi_replace("]*>","", $data_item);$data_item = eregi_replace("]*>","- ", $data_item);$data_item = preg_replace("/<a([^>]*)( href=\S+)([^>]*)>/i", '<a$2 rel="nofollow">', $data_item);
(我只需要解析 HTML 标签的一个子集,因为在此之前我会去除任何不需要的标签).
为什么不使用将匹配任何标签的通用正则表达式,然后 preg_replace_callback() 允许您确定应该用什么替换给定标签?这样你就可以有一个简单的函数来检查匹配的标签是否是 a 标签,如果是,则不替换 href,否则替换所有内容.
或者,您可以执行以下操作:
$data_item = preg_replace("/<(p|h2|h3|h4|h5|h6|ul|ol)[^>]*>/i","<$1>", $dataitem);其中正则表达式中的 () 组捕获匹配的标签类型,| 是匹配任何指定标签的或"运算符,并且替换文本中的 $1 用于替换与模式中第一个(也是唯一一个)捕获组匹配的内容.
I am trying to parse some HTML snippets and want to clean them up for various reasons (XSS et al).
I am currently trying to remove all of the attributes on any tag, except for the href on a anchor. I am doing this using a sequence of eregi_replace calls, but I am sure there is a smarter way of doing this using preg_replace and just a couple of lines of code, but I have not been able to get it to work. Can anyone help?
Current code:
$data_item = eregi_replace("<p[^>]*>","<p>", $data_item);
$data_item = eregi_replace("<h2[^>]*>","<h2>", $data_item);
$data_item = eregi_replace("<h3[^>]*>","<h3>", $data_item);
$data_item = eregi_replace("<h4[^>]*>","<h4>", $data_item);
$data_item = eregi_replace("<h5[^>]*>","<h5>", $data_item);
$data_item = eregi_replace("<h6[^>]*>","<h6>", $data_item);
$data_item = eregi_replace("<ul[^>]*>","<ul>", $data_item);
$data_item = eregi_replace("<ol[^>]*>","<ol>", $data_item);
$data_item = eregi_replace("<li[^>]*>","<li>", $data_item);
$data_item = preg_replace("/<a([^>]*)( href=\S+)([^>]*)>/i", '<a$2 rel="nofollow">', $data_item);
(I only need to parse a subset of HTML tags as prior to this I strip out any undesireables).
Why not use a general regex that will match any tag, and then preg_replace_callback() to allow you to determine what a given tag should be replaced with? That way you can have a simple function that checks to see if the matched tag was an a tag, and if so, not replace the href, but otherwise replace everything.
Alternatively, you could do something like this:
$data_item = preg_replace("/<(p|h2|h3|h4|h5|h6|ul|ol)[^>]*>/i","<$1>", $dataitem);
Where the () group in the regex captures the type of tag matched, the | is the "or" operator to match any of the indicated tags, and the $1 in the replacement text is used to substitute in what was matched by the first (and only) capture group from the pattern.
这篇关于将 eregi_replace 转换为 preg_replace的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
