I'm trying to build a web site basically for sharing sample code and comments. My problem is avoiding any tags/scripts except a, img and some very common ones like i, b... I tried different solutions but at one point all of them get stuck: if the user uses < not for tags, but meaning less than...
First I started my code by splitting the tags, split_tag the other places and htmlspecialchars to the code part, then remerging them. But still, if the user uses < anywhere in the text part, it erases the post until it sees a >. (I also tried to stop strip_tags from erasing by putting a whitespace after <, but couldn't find a way to recognize whether it is a tag or less than.)
Then I tried it backward. I used htmlspecialchars for the whole post and changed the specific ones back to tag appearance. This time I got into trouble with all the replace functions because some of them didn't work correctly or overlapped with each other. I feel like there is a simple solution but I couldn't look at it from the right angle. Any suggestions?
// Escape the whole post first; < > " become &lt; &gt; &quot;
$yazi = htmlspecialchars($_POST["yazi"]);
// Then turn the escaped form of each allowed tag back into the real tag
$yazi = str_replace('&lt;a href=&quot;', '<a href="', $yazi);
$yazi = str_replace('&lt;/a&gt;', '</a>', $yazi);
$yazi = str_replace('&lt;code&gt;', '<code>', $yazi);
$yazi = str_replace('&lt;/code&gt;', '</code>', $yazi);
$yazi = str_replace('&lt;br&gt;', '<br>', $yazi);
$yazi = str_replace('&lt;i&gt;', '<i>', $yazi);
$yazi = str_replace('&lt;/i&gt;', '</i>', $yazi);
$yazi = str_replace('&lt;b&gt;', '<b>', $yazi);
$yazi = str_replace('&lt;/b&gt;', '</b>', $yazi);
$yazi = str_replace('&lt;p&gt;', '<p>', $yazi);
$yazi = str_replace('&lt;/p&gt;', '</p>', $yazi);
$yazi = str_replace('&lt;img src=&quot;', '<img src="', $yazi);
// Restore the tag endings that follow an attribute value
$yazi = str_replace('&quot;/&gt;', '"/>', $yazi);
$yazi = str_replace('&quot; /&gt;', '" />', $yazi);
$yazi = str_replace('&quot;&gt;', '">', $yazi);
$yazi = str_replace('&quot; &gt;', '" >', $yazi);
Sounds like you want an HTML sanitizer.
http://htmlpurifier.org/ looks pretty good.
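For a small fixed tag list, the escape-first approach from the question can also be done in a single pattern pass, so that a bare < stays text and replacements cannot overlap. This is an added example, not code from the original posts or from HTML Purifier; `render_post` and `URL_RE` are hypothetical names, and it assumes only absolute http(s) URLs are allowed in links and images.

```php
<?php
// Added example; render_post() and URL_RE are hypothetical names.
// Assumption: only absolute http(s) URLs are accepted in href/src.
// Matched against already-escaped text, so a URL can contain "&amp;" but
// never "&quot;", "&lt;" or "&gt;" and cannot break out of the attribute.
const URL_RE = 'https?://(?:[^\s&]|&amp;)+';

function render_post(string $raw): string
{
    // 1. Escape everything: every "<", tag or "less than", becomes "&lt;".
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. One pass over the escaped text; only tokens with exactly an
    //    allowlisted shape are turned back into tags, so no replacement
    //    can overlap with or undo another.
    $pattern = '~&lt;(?:'
        . '(?<simple>/?(?:b|i|p|code)|br\s*/?)'
        . '|(?<close_a>/a)'
        . '|a href=&quot;(?<href>' . URL_RE . ')&quot;'
        . '|img src=&quot;(?<src>' . URL_RE . ')&quot;\s*/?'
        . ')&gt;~i';

    return preg_replace_callback($pattern, function (array $m): string {
        if (!empty($m['href'])) {
            return '<a href="' . $m['href'] . '" rel="nofollow noopener">';
        }
        if (!empty($m['src'])) {
            return '<img src="' . $m['src'] . '" alt="">';
        }
        if (!empty($m['close_a'])) {
            return '</a>';
        }
        return '<' . strtolower($m['simple']) . '>';
    }, $safe) ?? $safe; // on a PCRE error, fall back to fully escaped text
}

// Constructed sample input: a comparison, allowed tags, a tag that is not
// on the list, and a link carrying an extra attribute.
$post = 'if (a < b && b > c) <b>ok</b> <script>x()</script> '
      . '<a href="https://example.com/?q=1&r=2">link</a> '
      . '<a href="https://example.com/" onclick="x()">no</a>';
echo render_post($post), PHP_EOL;
```

Anything that does not match an allowed shape exactly, including a tag with extra attributes, stays escaped and is shown as text. The function does not check that tags are balanced or nested correctly.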