Nullifying user-submitted formatting with CSS

Developer https://www.devze.com 2023-04-01 05:09 Source: Internet

I'm working on an online publication that will accept submissions from the general public. My WYSIWYG editor is set to strip out any embedded style/class tags (except those allowed by the editor), and I'm also checking this on the server side when it is saved. As a third layer of defense I would like to implement some CSS overrides to nullify any CSS directives embedded within a certain element of the page. Is this possible? I would imagine not for embedded style attributes, but possibly for embedded <style></style> blocks and class attributes?


You could use !important in your stylesheet to make sure that your rule wins out over any other styling, inline or otherwise etc. Live example: http://jsfiddle.net/tw16/WpktM/

<div class="override" style="background:salmon; height: 50px; width: 50px;"></div>

.override{
    height: 200px !important;
    width: 200px !important;
    background: skyblue !important;
}


It will be easier and more reliable to simply disallow link and style tags (or have their opening < turned into a &lt;) and then use an XML parser to remove the style attribute from individual tags before inserting into the database.

A fast and dirty way to get rid of all unwanted attributes, by the way, is to simply use a string replace and swap = for &#61;.
