doudu8291
2011-07-21 23:40
浏览 62

在PHP中将CSS白名单应用于HTML [关闭]

Lets say I have the following $string...

<span style='text-decoration:underline; display:none;'>Some text</span>

I only want to allow the style text-decoration, so I want a PHP function like the following...

$string = stripStyles($string, array("text-decoration"));

Similar to strip_tags, but using an array instead. So $string will now be...

<span style='text-decoration:underline;'>Some text</span>

I am using Cake, so if this can be done with Sanitize then all the better.

图片转代码服务由CSDN问答提供 功能建议

假设我有以下 $ string ... &lt; span style ='text-decoration:underline; display:none;'&gt;一些文字&lt; / span&gt;

我只想允许样式 text-decoration ,所以我 想要一个如下所示的PHP函数...

  $ string = stripStyles($ string,array(“text-decoration”)  ); 
   
 
 

类似于 strip_tags ,但改为使用数组。 所以 $ string 现在将是......

 &lt; span style ='text-decoration:underline;'&gt; some text&lt; / span&gt  ; 
   
 
 

我正在使用Cake,所以如果可以使用Sanitize,那就更好了。

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • duandai2178 2011-07-21 23:56

    This is tricky, but you should be able to do it with DOMDocument. This should get you started, but it's likely to require some serious tweaking.

    // Load your html string
    $dom = new DOMDocument();
    $dom->loadHTML($your_html_string);
    
    // Get all the <span> tags
    $spans = $dom->getElementsByTagName("span");
    
    // Loop over the span tags
    foreach($spans as $span) {
    
      // If they have a style attribute that contains "text-decoration:"
      // attempt to replace the contents of the style attribute with only the text-decoration component.
      if ($style = $span->getAttribute("style")) {
        if (preg_match('/text-decoration:([^;]*);/i', $style)) {
          $span->setAttribute("style", preg_replace('/^(.*)text-decoration:([^;]*);(.*)$/i', "text-decoration:$2;", $style);
        }
        // Otherwise, erase the style attribute
        else $span->setAttribute("style", "");
      }
    }
    
    $output = $dom->saveHTML;
    

    It's maybe better to attempt to parse the style attributes by explode()ing on ;

    // This replaces the inner contents of the foreach ($spans as $span) above...
    
    // Instead of the preg_replace()
    $styles = explode(";", $style);
    $replaced_style = FALSE;
    foreach ($styles as $s) {
     if (preg_match('/text-decoration/', $s) {
       $span->setAttribute("style", $s);
       $replaced_style = TRUE;
     }
     //  If a text-decoration wasn't found, empty out the style
     if (!$replaced_style) $span->setAttribute("style", "");
    }
    
    点赞 打赏 评论

相关推荐 更多相似问题