Php HTMLPurifier-更改属性值而不是删除
Php HTMLPurifier-更改属性值而不是删除,php,html,htmlpurifier,Php,Html,Htmlpurifier,htmlpurifier如果不允许值,则删除属性。比如, <div contenteditable="true"></div> 此配置的结果 输入: 输出: 期望的结果 $config = \HTMLPurifier_Config::createDefault(); $config->set('HTML.Allowed', 'div[contenteditable]'); $config->set('HTML.TargetNoopener', fa
htmlpurifier<div contenteditable="true"></div>
$config = \HTMLPurifier_Config::createDefault();
$config->set('HTML.Allowed', 'div[contenteditable]');
$config->set('HTML.TargetNoopener', false);
$config->set('HTML.TargetNoreferrer', false);
$def = $config->getHTMLDefinition(true);
$def->addAttribute('div', 'contenteditable', 'Enum#false');
我不认为有一种简单的方法可以将属性的处理更改为强制一个已知的好值,而不仅仅是删除坏值。您可能需要编写一个属性转换;大概是这样的:
class HTMLPurifier_AttrTransform_ContentEditable extends HTMLPurifier_AttrTransform
{
public function transform($attr, $config, $context)
{
if (array_key_exists('contenteditable', $attr)) {
$attr['contenteditable'] = 'true';
}
return $attr;
}
}
$htmlDef = $htmlPurifierConfiguration->getHTMLDefinition(true);
$tag = $htmlDef->addBlankElement('div');
$tag->attr_transform_post[] = new HTMLPurifier_AttrTransform_ContentEditable();
// purify down here
<div contenteditable="true"></div>
<div contenteditable="false"></div>
class HTMLPurifier_AttrTransform_ContentEditable extends HTMLPurifier_AttrTransform
{
public function transform($attr, $config, $context)
{
if (array_key_exists('contenteditable', $attr)) {
$attr['contenteditable'] = 'true';
}
return $attr;
}
}
$htmlDef = $htmlPurifierConfiguration->getHTMLDefinition(true);
$tag = $htmlDef->addBlankElement('div');
$tag->attr_transform_post[] = new HTMLPurifier_AttrTransform_ContentEditable();
// purify down here