These are the tags I allow:
public function filter($str) {
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    // Permit <embed> and <object> through HTML Purifier's safe Flash handling
    $config->set('HTML.SafeEmbed', true);
    $config->set('HTML.SafeObject', true);
    $config->set('Output.FlashCompat', true);
    $config->set('HTML.FlashAllowFullScreen', true);
    // Whitelist of allowed elements and their attributes
    $config->set('HTML.Allowed', 'object[classid|width|height|data],param[name|value],embed[src|type|allowscriptaccess|allowfullscreen|width|height|wmode]');
    $PHTML = new HTMLPurifier($config);
    return $PHTML->purify($str);
}
This is the embed code:
<object classid='clsid:D27CDB6E-AE6D-11cf-96B8-444553540000' width='450' height='24'><param name='movie' value='http://rockdizfile.com.com/player/player.swf'><param name='allowfullscreen' value='true'><param name='allowscriptaccess' value='always'><param name='wmode' value='transparent'><param name='flashvars' value='file=http://www4a.rockdizfile.com:80/d/wolc22zkfp4r2ge4elcuugteixfmw7h2yrxy2bvxyc73psaqhhbd2hix/8noptiencs83.mp3&duration=193.4'><embed src='http://rockdizfile.com/player/player.swf' width='420' height='24' allowscriptaccess='always' allowfullscreen='true' flashvars='file=http://www4a.rockdizfile.com:80/d/wolc22zkfp4r2ge4elcuugteixfmw7h2yrxy2bvxyc73psaqhhbd2hix/8noptiencs83.mp3&duration=193.4' /></object>
But why does the filter function return this?
<object width="450" height="24" data="http://rockdizfile.com.com/player/player.swf" type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://rockdizfile.com.com/player/player.swf" /><param name="wmode" value="transparent" /><param name="flashvars" value="file=http://www4a.rockdizfile.com:80/d/wolc22zkfp4r2ge4elcuugteixfmw7h2yrxy2bvxyc73psaqhhbd2hix/8noptiencs83.mp3&duration=193.4" /
There are two warnings:
Warning: Attribute 'classid' in element 'object' not supported
Warning: Attribute 'allowfullscreen' in element 'embed' not supported