1

I am trying to convert HTML to entities using PHP, but I need to exempt <br> and <a> tags.

Here's an example of my code:

 <?php 
  $string[0] = "<a href='http://hidd3n.tk'>Needs to stay</a> Filler text in between 
 <br><br> <script src='http://malicious.com/'></script> NEEDS to go";
  $string[1] = htmlentities($string[0], ENT_QUOTES, "UTF-8");
 ?>
4

2 Answers

3

Let me suggest that you use BBCode, which is safer.

Answered 2012-05-01T11:54:00.077
-3

Edit:

OK, I figured out a way.

Using this function is safer than the previous one:

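function convert_myhtml_entities($string){
    // Escape everything except quotes, so attribute quotes inside <a ...> survive.
    $string = htmlentities($string, ENT_NOQUOTES, "UTF-8");
    // Restore <br> and <br/>.
    $string = preg_replace('/&lt;\s*br\s*(\/|)\s*&gt;/U','<br$1>',$string);
    // Restore opening <a ...> tags; requiring whitespace after "a" keeps tags such as <abbr> escaped.
    $string = preg_replace('/&lt;\s*a(\s.*|)\s*&gt;/U','<a$1>',$string);
    // Restore closing </a> tags.
    $string = preg_replace('/&lt;\s*\/\s*a\s*&gt;/U','</a>',$string);
    return $string;
}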

It has now been tested with the string above.

Answered 2012-05-01T11:35:36.397
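
An allowlist variant of the approach in the answer above, as an added example that is not part of the original question or answers: it escapes everything, then restores only `<br>` and complete `<a href>` elements whose URL is http(s), rebuilding the tag so that no other attribute from the input is carried over. The function name `escape_except_br_and_links` is hypothetical, and the sample input is the string from the question.

```php
<?php
// Added example, not code from the question or answers.
// Function name is hypothetical; sample input is the string from the question.

function escape_except_br_and_links(string $input): string
{
    // 1. Escape everything, quotes included, so no raw markup survives.
    $out = htmlentities($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Restore <br>, <br/> and <br /> as a fixed literal (no captured text reused).
    $out = preg_replace('/&lt;\s*br\s*\/?\s*&gt;/i', '<br>', $out) ?? $out;

    // 3. Restore whole <a href="...">text</a> elements only, so tags stay balanced.
    //    Group 1: the escaped quote, group 2: the URL, group 3: the escaped link text.
    $pattern = '/&lt;\s*a\s+href\s*=\s*(&quot;|&#0?39;)(\S*?)\1\s*&gt;'
             . '(.*?)&lt;\s*\/\s*a\s*&gt;/is';

    return preg_replace_callback($pattern, function (array $m): string {
        $url = html_entity_decode($m[2], ENT_QUOTES, 'UTF-8');
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));

        // Reject anything that is not plain http(s) or that carries quote,
        // angle-bracket or whitespace characters; the escaped text is kept as-is.
        if (!in_array($scheme, ['http', 'https'], true)
            || preg_match('/["\'<>\s]/', $url)) {
            return $m[0];
        }

        // Rebuild the tag from scratch: only href is emitted, re-escaped.
        $href = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
        return '<a href="' . $href . '">' . $m[3] . '</a>';
    }, $out) ?? $out;
}

$sample = "<a href='http://hidd3n.tk'>Needs to stay</a> Filler text in between \n"
        . " <br><br> <script src='http://malicious.com/'></script> NEEDS to go";

echo escape_except_br_and_links($sample), "\n";
```

In the output the link and both `<br>` tags are live markup, while the `<script>` element stays as `&lt;script ...&gt;` text. An anchor that fails the checks is left fully escaped rather than partially restored.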