萬盛學電腦網

 萬盛學電腦網 >> 網絡編程 >> php編程 >> PHP實現過濾各種HTML標簽

PHP實現過濾各種HTML標簽

   在做項目的過程中,我們經常需要用到過濾一些html標簽來實現提高數據的安全性,其實就是刪除那些對應用程序有潛在危害的數據。它用於去除標簽以及刪除或編碼不需要的字符。

  首先分享一些比較常見的

  ?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 $str=preg_replace("/<s*imgs+[^>]*?srcs*=s*('|")(.*?)1[^>]*?/?s*>/i","", $str); //過濾img標簽   $str=preg_replace("/s+/","", $str); //過濾多余回車   $str=preg_replace("/<[ ]+/si","<",$str); //過濾<__("<"號後面帶空格)   $str=preg_replace("/<!--.*?-->/si","",$str); //注釋   $str=preg_replace("/<(!.*?)>/si","",$str); //過濾DOCTYPE   $str=preg_replace("/<(/?html.*?)>/si","",$str); //過濾html標簽   $str=preg_replace("/<(/?head.*?)>/si","",$str); //過濾head標簽   $str=preg_replace("/<(/?meta.*?)>/si","",$str); //過濾meta標簽   $str=preg_replace("/<(/?body.*?)>/si","",$str); //過濾body標簽   $str=preg_replace("/<(/?link.*?)>/si","",$str); //過濾link標簽   $str=preg_replace("/<(/?form.*?)>/si","",$str); //過濾form標簽   $str=preg_replace("/cookie/si","COOKIE",$str); //過濾COOKIE標簽   $str=preg_replace("/<(applet.*?)>(.*?)<(/applet.*?)>/si","",$str); //過濾applet標簽   $str=preg_replace("/<(/?applet.*?)>/si","",$str); //過濾applet標簽   $str=preg_replace("/<(style.*?)>(.*?)<(/style.*?)>/si","",$str); //過濾style標簽   $str=preg_replace("/<(/?style.*?)>/si","",$str); //過濾style標簽   $str=preg_replace("/<(title.*?)>(.*?)<(/title.*?)>/si","",$str); //過濾title標簽   $str=preg_replace("/<(/?title.*?)>/si","",$str); //過濾title標簽   $str=preg_replace("/<(object.*?)>(.*?)<(/object.*?)>/si","",$str); //過濾object標簽   $str=preg_replace("/<(/?objec.*?)>/si","",$str); //過濾object標簽   $str=preg_replace("/<(noframes.*?)>(.*?)<(/noframes.*?)>/si","",$str); //過濾noframes標簽   $str=preg_replace("/<(/?noframes.*?)>/si","",$str); //過濾noframes標簽   $str=preg_replace("/<(i?frame.*?)>(.*?)<(/i?frame.*?)>/si","",$str); //過濾frame標簽   $str=preg_replace("/<(/?i?frame.*?)>/si","",$str); //過濾frame標簽   $str=preg_replace("/<(script.*?)>(.*?)<(/script.*?)>/si","",$str); //過濾script標簽   $str=preg_replace("/<(/?script.*?)>/si","",$str); //過濾script標簽   $str=preg_replace("/javascript/si","Javascript",$str); //過濾script標簽   $str=preg_replace("/vbscript/si","Vbscript",$str); //過濾script標簽   $str=preg_replace("/on([a-z]+)s*=/si","On1=",$str); //過濾script標簽   $str=preg_replace("/&#/si","&#",$str); //過濾script標簽

  更簡單些的寫法:

  ?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 function delhtml($str){ //清除html標簽 $st=-1; //開始 $et=-1; //結束 $stmp=array(); $stmp[]=" "; $len=strlen($str); for($i=0;$i<$len;$i++){ $ss=substr($str,$i,1); if(ord($ss)==60){ //ord("<")==60 $st=$i; } if(ord($ss)==62){ //ord(">")==62 $et=$i; if($st!=-1){ $stmp[]=substr($str,$st,$et-$st+1); } } } $str=str_replace($stmp,"",$str); return $str; }

  再來一個:

  ?

1 2 3 4 5 6 function clear_html_label($html) { $search = array ("'<script[^>]*?>.*?</script>'si", "'<[/!]*?[^<>]*?>'si", "'([rn])[s]+'", "'&(quot|#34);'i", "'&(amp|#38);'i", "'&(lt|#60);'i", "'&(gt|#62);'i", "'&(nbsp|#160);'i", "'&(iexcl|#161);'i", "'&(cent|#162);'i", "'&(pound|#163);'i", "'&(copy|#169);'i", "'&#(d+);'e"); $replace = array ("", "", "1", """, "&", "<", ">", " ", chr(161), chr(162), chr(163), chr(169), "chr(1)"); return preg_replace($search, $replace, $html); }

  以上三種方法均可以實現,不過各有優劣,小伙伴們根據自己的項目需求來選擇吧。

copyright © 萬盛學電腦網 all rights reserved