消毒HTML输入 [英] Sanitizing HTML input

问题描述

我正在考虑添加一个富文本编辑器，以允许非程序员更改文本的方面。但是，有一个问题是，如果标记不正确，可能会扭曲呈现的页面的布局。什么是一个很好的轻量级方法来净化html？

I'm thinking of adding a rich text editor to allow a non-programmer to change the aspect of text. However, one issue is that it's possible to distort the layout of a rendered page if the markup is incorrect. What's a good lightweight way to sanitize html?

推荐答案

推荐的选择是'HTMLPurifier'，因为它提供了无需担保的默认设置。作为更快的替代方案，通常建议使用' htmLawed '。

You will have to decide between good and lightweight. The recommended choice is 'HTMLPurifier', because it provide no-fuss secure defaults. As faster alternative it is often advised to use 'htmLawed'.

另请参阅HTMLPurifier作者的相当客观的概述： http://htmlpurifier.org/comparison

See also this quite objective overview from the HTMLPurifier author: http://htmlpurifier.org/comparison

这篇关于消毒HTML输入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！