",""," ","","

Home  >  Article  >  Web Front-end  >  Filter HTML online editors to generate harmful code

Filter HTML online editors to generate harmful code

巴扎黑
巴扎黑Original
2017-03-30 15:01:211917browse

Some powerful online editors already include code sorting and filtering functions, but js processing can be easily ignored. The server must filter again. It took a few days I took some time and wrote part of it. I hope it will be of some use to everyone. My ability is limited, so I would like to ask capable friends to complete it.



/*Array that does not require filtering*/
$htm_on=array(
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"font");

$htm_on_uper=array(
"",
"",
"< BUTTON","BUTTON>",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"FONT");

/* Character format*/
$str=strtolower($str);
$str=preg_replace("//s+/", " ", $str);//Filter carriage return
$str=preg_replace ("/ +/", " ", $str);//Filter multiple spaces

/*Filter/replace several forms of js*/
$str=preg_replace("/< (script.*?)>(.*?)<(//script.*?)>/si","",$str);//Delete <script>. . . </script>Format,
//$str=preg_replace("/<(script.*?)>(.*?)<(//script.*?)>/si", "//2",$str);//Replace with something that can be displayed,

$str=preg_replace("/<(script.*?) >/si","",$str);//Delete