HTMLPurifier: allow embed

Time: 2012-09-03 23:15:48

Tags: php html filtering htmlpurifier

These are the tags I allow:

public function filter($str) {
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    $config->set('HTML.SafeEmbed', true);
    $config->set('HTML.SafeObject', true);
    $config->set('Output.FlashCompat', true);
    $config->set('HTML.FlashAllowFullScreen', true);
    $config->set('HTML.Allowed', 'object[classid|width|height|data],param[name|value],embed[src|type|allowscriptaccess|allowfullscreen|width|height|wmode]');

    $PHTML = new HTMLPurifier($config);

    return $PHTML->purify($str);
}

This is the embed code:

<object classid='clsid:D27CDB6E-AE6D-11cf-96B8-444553540000' width='450' height='24'><param name='movie' value='http://rockdizfile.com.com/player/player.swf'><param name='allowfullscreen' value='true'><param name='allowscriptaccess' value='always'><param name='wmode' value='transparent'><param name='flashvars' value='file=http://www4a.rockdizfile.com:80/d/wolc22zkfp4r2ge4elcuugteixfmw7h2yrxy2bvxyc73psaqhhbd2hix/8noptiencs83.mp3&duration=193.4'><embed src='http://rockdizfile.com/player/player.swf' width='420' height='24' allowscriptaccess='always' allowfullscreen='true' flashvars='file=http://www4a.rockdizfile.com:80/d/wolc22zkfp4r2ge4elcuugteixfmw7h2yrxy2bvxyc73psaqhhbd2hix/8noptiencs83.mp3&duration=193.4' /></object>

But why does the filter function return this?

<object width="450" height="24" data="http://rockdizfile.com.com/player/player.swf" type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://rockdizfile.com.com/player/player.swf" /><param name="wmode" value="transparent" /><param name="flashvars" value="file=http://www4a.rockdizfile.com:80/d/wolc22zkfp4r2ge4elcuugteixfmw7h2yrxy2bvxyc73psaqhhbd2hix/8noptiencs83.mp3&amp;duration=193.4" /

There are two warnings:

Warning: Attribute 'classid' in element 'object' not supported

Warning: Attribute 'allowfullscreen' in element 'embed' not supported

0 answers:

No answers