我使用HTMLPurifier来转义我网站中的字符。有效地将所有<和>转换为>和<。我还希望在网站中显示代码,但在使用<pre><code>...</code></pre>将代码放入网站时,而不是将>和<符号呈现为<和{{1它们保持显示为编码>。
我知道 > 标签用于显示预先格式化的文字
我如何安全地转换这些符号(<pre>&amp; >),只有在<标记中包含以呈现为(<pre><code>...</code></pre>&amp; {{1使用JS / JQuery?
<转换为>
注意:渲染HTML标记时不会发生这种情况。我相信它是由HTMLPurifier引起的。
HTML正确呈现为
<php 'default' => 'local'我在网站上使用Markdown,我的HTMLPurifier配置如下:
<php 'default' => 'local'这个问题让我搜索了以前的代码。问题来自Markdown解析器,它是 Parsedown 而不是Purifier。净化器工作正常。我已在下面添加了Markdown配置和使用代码:
<div>
...Some code here...
</div>
用法:
<?php
/**
* Ok, glad you are here
* first we get a config instance, and set the settings
* $config = HTMLPurifier_Config::createDefault();
* $config->set('Core.Encoding', $this->config->get('purifier.encoding'));
* $config->set('Cache.SerializerPath', $this->config->get('purifier.cachePath'));
* if ( ! $this->config->get('purifier.finalize')) {
* $config->autoFinalize = false;
* }
* $config->loadArray($this->getConfig());
*
* You must NOT delete the default settings
* anything in settings should be compacted with params that needed to instance HTMLPurifier_Config.
*
* @link http://htmlpurifier.org/live/configdoc/plain.html
*/
return [
'encoding' => 'UTF-8',
'finalize' => true,
'cachePath' => storage_path('app/purifier'),
'cacheFileMode' => 0755,
'settings' => [
'default' => [
'HTML.Doctype' => 'HTML 4.01 Transitional',
'HTML.Allowed' => 'blockquote,h1,h2,h3,h4,h5,h6,pre,code,div[class],b,strong,i,em,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src]',
'CSS.AllowedProperties' => 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align',
'AutoFormat.AutoParagraph' => false,
'AutoFormat.RemoveEmpty' => true,
],
'test' => [
'Attr.EnableID' => true
],
"youtube" => [
"HTML.SafeIframe" => 'true',
"URI.SafeIframeRegexp" => "%^(http://|https://|//)(www.youtube.com/embed/|player.vimeo.com/video/)%",
],
],
];
This is the method I'm using to call the Purifier
public function store(Request $request)
{
//Validate the data
$this->validate($request, array(
'title' => 'required|max:255',
'slug' => 'required|alpha_dash|min:5|max:255|unique:posts,slug',
'category_id' =>'required|integer',
'body' => 'required'
));
//Store in the database
$post = new Post;
$post->title = $request->title;
$post->slug = $request->slug;
$post->category_id = $request->category_id;
$post->body = Purifier::clean($request->body, "youtube");
$post->save();
$post->tags()->sync($request->tags, false);
Session::flash('success', 'AWESOMESAUCE! Your post was saved successfully!');
//redirect to another page
return redirect()->route('posts.show', $post->id);
}
答案 0 :(得分:0)
使用htmlspecialchars()函数来实现此目的,htmlspecialchars()函数转换预定义字符&#34;&lt;&#34; (小于)和&#34;&gt;&#34; (大于)HTML实体:
<?php
$str = "This is some <b>bold</b> text.";
echo htmlspecialchars($str);
?>
这将打印:
This is some <b>bold</b> text.
答案 1 :(得分:0)
我已经解决了在Purifier配置中添加到 HTML.Allowed 属性的问题:
pre[class],code
然后我仅使用以下代码清除代码:
$post->body = clean($request->body, "youtube");
如果您将TinyMCE用作编辑器,则还必须将其添加到属性 extended_valid_elements :
extended_valid_elements: 'a[href|target],pre[class],code',