PHP implements filtering various HTML tags_PHP tutorial-PHP Tutorial-php.cn

PHP implements filtering various HTML tags_PHP tutorial

WBOY

Release： 2016-07-13 09:53:53

Original

1157 people have browsed it

PHP implements filtering of various HTML tags

In the process of doing projects, we often need to filter some HTML tags to improve data security. In fact, it is to delete those Data that is potentially harmful to the application. It is used to strip tags and remove or encode unwanted characters.

First share some common ones

$str=preg_replace("/]*?srcs*=s*('|")(.*?)1[^>]*?/?s*> ;/i","", $str); //Filter img tag

$str=preg_replace("/s /","", $str); //Filter redundant carriage returns

$str=preg_replace("/<[ ] /si","<",$str); //Filter <__("<" with a space after it)

$str=preg_replace("//si","",$str); //Comments

$str=preg_replace("/<(!.*?)>/si","",$str); //Filter DOCTYPE

$str=preg_replace("/<(/?html.*?)>/si","",$str); //Filter html tags

$str=preg_replace("/<(/?head.*?)>/si","",$str); //Filter head tag

$str=preg_replace("/<(/?meta.*?)>/si","",$str); //Filter meta tags

$str=preg_replace("/<(/?body.*?)>/si","",$str); //Filter body tag

$str=preg_replace("/<(/?link.*?)>/si","",$str); //Filter link tags

$str=preg_replace("/<(/?form.*?)>/si","",$str); //Filter form tags

$str=preg_replace("/cookie/si","COOKIE",$str); //Filter COOKIE tags

$str=preg_replace("/<(applet.*?)>(.*?)<(/applet.*?)>/si","",$str); //Filter applet tag

$str=preg_replace("/<(/?applet.*?)>/si","",$str); //Filter applet tags

$str=preg_replace("/<(style.*?)>(.*?)<(/style.*?)>/si","",$str); //Filter style tag

$str=preg_replace("/<(/?style.*?)>/si","",$str); //Filter style tag

$str=preg_replace("/<(title.*?)>(.*?)<(/title.*?)>/si","",$str); //Filter title tag

$str=preg_replace("/<(/?title.*?)>/si","",$str); //Filter title tag

$str=preg_replace("/<(object.*?)>(.*?)<(/object.*?)>/si","",$str); //Filter object tag

$str=preg_replace("/<(/?objec.*?)>/si","",$str); //Filter object tag

$str=preg_replace("/<(noframes.*?)>(.*?)<(/noframes.*?)>/si","",$str); //Filter noframes tag

$str=preg_replace("/<(/?noframes.*?)>/si","",$str); //Filter noframes tag

$str=preg_replace("/<(i?frame.*?)>(.*?)<(/i?frame.*?)>/si","",$str) ; //Filter frame tag

$str=preg_replace("/<(/?i?frame.*?)>/si","",$str); //Filter frame tag

$str=preg_replace("/<(script.*?)>(.*?)<(/script.*?)>/si","",$str); //Filter script tag

$str=preg_replace("/<(/?script.*?)>/si","",$str); //Filter script tags

$str=preg_replace("/javascript/si","Javascript",$str); //Filter script tags

$str=preg_replace("/vbscript/si","Vbscript",$str); //Filter script tags

$str=preg_replace("/on([a-z] )s*=/si","On1=",$str); //Filter script tags

$str=preg_replace("//si","",$str); //Filter script tags

A simpler way of writing:

function delhtml($str){ //清除html标签

$st=-1; //开始

$et=-1; //结束

$stmp=array();

$stmp[]=" ";

$len=strlen($str);

for($i=0;$i<$len;$i ){

$ss=substr($str,$i,1);

if(ord($ss)==60){ //ord("<")==60

$st=$i;

}

if(ord($ss)==62){ //ord(">")==62

$et=$i;

if($st!=-1){

$stmp[]=substr($str,$st,$et-$st 1);

}

$str=str_replace($stmp,"",$str);

return $str;

}

function clear_html_label($html)

{

$replace = array ("", "", "1", """, "&", "<", ">", " ", chr(161), chr(162), chr(163), chr(169), "chr(1)");

return preg_replace($search, $replace, $html);

}

4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

1 2 3 4 5 6

function clear_html_label($html) { $search = array ("']*?>.*?'si", "'<[/!]*?[^<> ]*?>'si", "'([rn])[s] '", "'&(quot|#34);'i", "'&(amp|#38);'i", "'&(lt|#60);'i", "'&(gt|#62);'i", "'&(nbsp|#160);'i", "'&(iexcl|#161 );'i", "'&(cent|#162);'i", "'&(pound|#163);'i", "'&(copy|#169);'i", "' (d );'e"); $replace = array ("", "", "1", """, "&", "<", ">", " ", chr(161), chr(162), chr (163), chr(169), "chr(1)"); return preg_replace($search, $replace, $html); }

All the above three methods can be implemented, but each has its own advantages and disadvantages. Friends, please choose according to your own project needs.