开发者

Applying a CSS whitelist to HTML in PHP [closed]

问答 作者:
Closed. This question is off-topic. It is not currently accepting answers.
开发者_JAVA技巧

Want to improve this question? Update the question so it's on-topic for Stack Overflow.

Closed 11 years ago.

Improve this question

Lets say I have the following $string...

<span style='text-decoration:underline; display:none;'>Some text</span>

I only want to allow the style text-decoration, so I want a PHP function like the following...

$string = stripStyles($string, array("text-decoration"));

Similar to strip_tags, but using an array instead. So $string will now be...

<span style='text-decoration:underline;'>Some text</span>

I am using Cake, so if this can be done with Sanitize then all the better.

This is tricky, but you should be able to do it with DOMDocument. This should get you started, but it's likely to require some serious tweaking.

// Load your html string
$dom = new DOMDocument();
$dom->loadHTML($your_html_string);

// Get all the <span> tags
$spans = $dom->getElementsByTagName("span");

// Loop over the span tags
foreach($spans as $span) {

  // If they have a style attribute that contains "text-decoration:"
  // attempt to replace the contents of the style attribute with only the text-decoration component.
  if ($style = $span->getAttribute("style")) {
    if (preg_match('/text-decoration:([^;]*);/i', $style)) {
      $span->setAttribute("style", preg_replace('/^(.*)text-decoration:([^;]*);(.*)$/i', "text-decoration:$2;", $style);
    }
    // Otherwise, erase the style attribute
    else $span->setAttribute("style", "");
  }
}

$output = $dom->saveHTML;

It's maybe better to attempt to parse the style attributes by explode()ing on ;

// This replaces the inner contents of the foreach ($spans as $span) above...

// Instead of the preg_replace()
$styles = explode(";", $style);
$replaced_style = FALSE;
foreach ($styles as $s) {
 if (preg_match('/text-decoration/', $s) {
   $span->setAttribute("style", $s);
   $replaced_style = TRUE;
 }
 //  If a text-decoration wasn't found, empty out the style
 if (!$replaced_style) $span->setAttribute("style", "");
}

继续阅读:cakephpphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9