Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/297.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php FILTER_SANITIZE_字符串不应从WYSIWYG编辑器中删除html,而只应删除不安全的标记,如_Php_Html_Xss - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php FILTER_SANITIZE_字符串不应从WYSIWYG编辑器中删除html,而只应删除不安全的标记,如

Php FILTER_SANITIZE_字符串不应从WYSIWYG编辑器中删除html,而只应删除不安全的标记,如

php html

Php FILTER_SANITIZE_字符串不应从WYSIWYG编辑器中删除html,而只应删除不安全的标记,如,php,html,xss,Php,Html,Xss,我已经编写并使用以下函数删除任何不安全的标记,以防止跨站点脚本编写-XSS:: function xss_clean_input($data) { if(is_array($data)) { $arr_temp = array(); foreach($data as $key => $val) { $temp_val = trim($val); $temp_val = filter_var($temp_

我已经编写并使用以下函数删除任何不安全的标记,以防止跨站点脚本编写-XSS::

function xss_clean_input($data) {
    if(is_array($data)) {
        $arr_temp = array();
        foreach($data as $key => $val) {
            $temp_val = trim($val);
            $temp_val = filter_var($temp_val, FILTER_SANITIZE_STRING);
            $arr_temp[$key] = $temp_val;
        }
        return $arr_temp;
    }else {
        $data = trim($data);
        return $data = filter_var($data, FILTER_SANITIZE_STRING);
    }
}
但是这个函数也会从WYSIWYG编辑器中删除任何有效和安全的html,例如,它会删除这些内容

<html><body>This is great</body></html>
注意:我不想使用正则表达式

FILTER\u SANITIZE\u STRING表示带标签,可以选择带标签或对特殊字符进行编码。@类正确,但有没有办法解决上述问题使用FILTER\u SANITIZE\u STRINGFILTER\u SANITIZE\u STRING不能满足您的需要。使用其他东西,例如。 
This is great