php过滤不安全的html

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Release： 2016-06-13 10:11:27

Original

933 people have browsed it

php过滤不安全的html用PHP过滤html里可能被利用来引入外部危险内容的代码。有些时候，需要让用户提交html内容，
以便丰富用户发布的信息，当然，有些可能造成显示页面布局混乱的代码也在过滤范围内。

以下是引用片段：
#用户发布的html,过滤危险代码
function uh($str)
{
    $farr = array(
        "/\s+/",
                       //过滤多余的空白
        "/]*?)>/isU",
//过滤 <script></script> 以加入         "/(]*)on[a-zA-Z]+\s*=([^>]*>)/isU",
//过滤javascript的on事件

   );
   $tarr = array(
        " ",
        "＜\\1\\2\\3＞",           //如果要直接清除不安全的标签，这里可以留空
        "\\1\\2",
   );

$str = preg_replace( $farr,$tarr,$str);
return $str;
}

Related labels：

html php not safe external introduce use of filter

source：php.cn

Previous article：php加密程序 Next article：php注入祥解

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn