Zend_Filter_StripTags ignoring allowed tags and attributes
I'm trying to use the following code and it still strips out all the tags. Am I doing something wrong? I'm using the newest V1.10
$allowed_tags = array('img', 'object', 'param', 'embed', 'a', 'href', 'p', 'br', 'em', 'strong', 'li', 'ol', 'span');
$allowed_attributes = array('style', 'src', 'alt', 'href', 'width', 'height', 'value', 'name', 'type', 'embed', 'quality', 'pluginspage');
Zend_Loader::loadClass('Zend_Filter_StripTags');
$html_filter = new Zend_Filter_StripTags($allowed_tags, $allowed_attributes);
$post = $html_filter->filter($this->_request->getPost('post'));
For a test case I've been using the same string, this is what's going in
<p><span style="background-color: #333399; color: #ff9900; text-decoration: underline;"><em><strong>This is a test</strong></em></span></p>
<p><span style="background-color: #333399; color: #ff9900;"><strong><em><sub><span style="background-color: #ffffff;"><span style="color: #000000;">asdf</span></span></sub></em></strong></span></p>
<p><span style="background-color: #333399; color: #ff9900;"><strong><em><span style="background-color: #ffffff;"><span style="color: #000000;"><sup>asdf</sup></span></span></em></strong></span></p>
<p><span style="background-color: #333399; color: #ff9900;"><strong><em><span style="background-color: #ffffff;"><span style="color: #000000;"><img title="Cool" src="../../../public/scripts/tinymce/plugins/emotions/img/smiley-cool.gif" border="0" alt="Cool" />asdf</span></span></em></strong></span></p>
<ul>
<li><span style="background-color: #333399; color: #ff9900;"><strong><em><span style="background-color: #ffffff开发者_C百科;"><span style="color: #000000;">sadf</span></span></em></strong></span></li>
</ul>
<ol>
<li><span style="background-color: #333399; color: #ff9900;"><strong><em><span style="background-color: #ffffff;"><span style="color: #000000;">asdf</span></span></em></strong></span></li>
</ol>
This is what comes out
This is a test
asdf
asdf
asdf
sadf
asdf
Alternatively, perhaps there's something else wrong, as I just tried this:
$post = strip_tags($this->_request->getPost('elm1'), '<img><object><param><embed><a><href><p><br><em><strong><li><ol><span>');
And it stripped out everything as well. Perhaps there is a setting in PHP that I'm missing?
According to the API Doc for the StripTag Filter, the constructor signature is
void __construct ([string|array|Zend_Config $options = null])
So it should work with this (updated):
$html_filter = new Zend_Filter_StripTags(array(
'allowTags' => $allowed_tags,
'allowAttribs' => $allowed_attributes
));
In earlier versions of Zend Framework (1.8.4) you had to do
$html_filter = new Zend_Filter_StripTags($allowed_tags, $allowed_attributes);
All versions should support:
$html_filter = new Zend_Filter_StripTags;
$html_filter->setAttributesAllowed($allowed_attributes);
$html_filter->setTagsAllowed($allowed_tags);
Internally, StripTags works with str_replace and preg_replace. So even if someone added strip_tags() to the list of disallowed functions in your php.ini, the filter should work.
I've tried with your example code and it worked.
精彩评论