Filtering Various HTML Tags with PHP

WBOY (Original)
2016-06-13 09:04:31, 859 views

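When working on a project, we often need to filter certain HTML tags to make the data safer; in effect this means removing data that is potentially harmful to the application. Filtering is used to strip tags and to delete or encode unwanted characters.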

First, some of the more common filters:

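$str = preg_replace('/<\s*img\s+[^>]*?src\s*=\s*(\'|")(.*?)\1[^>]*?\/?\s*>/i', '', $str); // remove img tags
$str = preg_replace('/\s+/', ' ', $str); // collapse extra line breaks and whitespace into a single space
// $str=preg_replace("/   (this statement is cut off in the source page)
$str = preg_replace('/<!--.*?-->/si', '', $str); // remove comments
$str = preg_replace('/<!DOCTYPE[^>]*>/si', '', $str); // remove DOCTYPE
$str = preg_replace('/<\/?html\b[^>]*>/si', '', $str); // remove html tags
$str = preg_replace('/<\/?head\b[^>]*>/si', '', $str); // remove head tags
$str = preg_replace('/<\/?meta\b[^>]*>/si', '', $str); // remove meta tags
$str = preg_replace('/<\/?body\b[^>]*>/si', '', $str); // remove body tags
$str = preg_replace('/<\/?link\b[^>]*>/si', '', $str); // remove link tags
$str = preg_replace('/<\/?form\b[^>]*>/si', '', $str); // remove form tags
$str = preg_replace('/cookie/si', 'COOKIE', $str); // rewrite "cookie" as "COOKIE"
$str = preg_replace('/<applet\b[^>]*>(.*?)<\/applet\s*>/si', '', $str); // remove applet elements with their content
$str = preg_replace('/<\/?applet\b[^>]*>/si', '', $str); // remove leftover applet tags
$str = preg_replace('/<style\b[^>]*>(.*?)<\/style\s*>/si', '', $str); // remove style elements with their content
$str = preg_replace('/<\/?style\b[^>]*>/si', '', $str); // remove leftover style tags
$str = preg_replace('/<title\b[^>]*>(.*?)<\/title\s*>/si', '', $str); // remove title elements with their content
$str = preg_replace('/<\/?title\b[^>]*>/si', '', $str); // remove leftover title tags
$str = preg_replace('/<object\b[^>]*>(.*?)<\/object\s*>/si', '', $str); // remove object elements with their content
$str = preg_replace('/<\/?object\b[^>]*>/si', '', $str); // remove leftover object tags
$str = preg_replace('/<noframes\b[^>]*>(.*?)<\/noframes\s*>/si', '', $str); // remove noframes elements with their content
$str = preg_replace('/<\/?noframes\b[^>]*>/si', '', $str); // remove leftover noframes tags
$str = preg_replace('/<frame\b[^>]*>(.*?)<\/frame\s*>/si', '', $str); // remove frame elements with their content
$str = preg_replace('/<\/?frame\b[^>]*>/si', '', $str); // remove leftover frame tags
$str = preg_replace('/<script\b[^>]*>(.*?)<\/script\s*>/si', '', $str); // remove script elements with their content
$str = preg_replace('/<\/?script\b[^>]*>/si', '', $str); // remove leftover script tags
// The next three rules only change letter case. HTML attribute names and URL schemes
// are case-insensitive, so these rules alone do not disable handlers or script URLs.
$str = preg_replace('/javascript/si', 'Javascript', $str); // rewrite "javascript"
$str = preg_replace('/vbscript/si', 'Vbscript', $str); // rewrite "vbscript"
$str = preg_replace('/on([a-z]+)\s*=/si', 'On$1=', $str); // rewrite on* event attributes
// $str=preg_replace("//si","&#",$str); // script-related rule; its pattern is missing from the source page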

A simpler way to write it:

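function delhtml($str){ // strip HTML tags
    $st=-1; // start position of the current tag
    $et=-1; // end position of the current tag
    $stmp=array();
    $stmp[]="&nbsp;"; // also remove the &nbsp; entity
    $len=strlen($str);
    for($i=0;$i<$len;$i++){
        $ss=substr($str,$i,1);
        if(ord($ss)==60){ // ord("<")==60
            $st=$i;
        }
        if(ord($ss)==62){ // ord(">")==62
            $et=$i;
            if($st!=-1){
                $stmp[]=substr($str,$st,$et-$st+1); // remember the whole tag
                $st=-1; // reset so a stray ">" does not reuse an old "<"
            }
        }
    }
    $str=str_replace($stmp,"",$str); // delete every collected tag
    return $str;
}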

And one more:

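function clear_html_label($html)
{
    // script blocks, all other tags, whitespace after a line break, then common entities
    $search = array ("'<script[^>]*?>.*?</script>'si", "'<[\/\!]*?[^<>]*?>'si", "'([\r\n])[\s]+'",
        "'&(quot|#34);'i", "'&(amp|#38);'i", "'&(lt|#60);'i", "'&(gt|#62);'i", "'&(nbsp|#160);'i",
        "'&(iexcl|#161);'i", "'&(cent|#162);'i", "'&(pound|#163);'i", "'&(copy|#169);'i");
    $replace = array ("", "", "\\1", "\"", "&", "<", ">", " ", chr(161), chr(162), chr(163), chr(169));
    $html = preg_replace($search, $replace, $html);
    // The /e modifier was removed in PHP 7, so numeric entities are decoded with a callback.
    // Entities are decoded after the tags are stripped: the result is plain text and must be
    // escaped again (for example with htmlspecialchars) before it is written into HTML.
    return preg_replace_callback("'&#(\d+);'", function ($m) { return chr((int)$m[1]); }, $html);
}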

All three of the methods above work, though each has its strengths and weaknesses; choose according to the needs of your own project.
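As an added example (not part of the original article): the three methods above name the tags to delete, while the code below does the opposite and keeps only an allowlist of tags and attributes, parsing the input with PHP's DOMDocument instead of regular expressions. The function names, the constants and the contents of the lists are assumptions chosen for illustration.

```php
<?php
// Added example, not from the original article. Names and lists are assumptions.
const KEEP_TAGS  = ['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'a'];
const KEEP_ATTRS = ['a' => ['href']];
// Removed together with their content, like the paired-tag rules in the article.
const DROP_WHOLE = ['script', 'style', 'title', 'applet', 'object', 'noframes', 'frame'];

function clean_children(DOMNode $parent): void {
    foreach (iterator_to_array($parent->childNodes) as $node) {
        if ($node->nodeType === XML_TEXT_NODE) { continue; } // text is escaped when serialized
        $name = strtolower($node->nodeName);
        if (!$node instanceof DOMElement || in_array($name, DROP_WHOLE, true)) {
            $parent->removeChild($node);             // comments, CDATA, script, ...
            continue;
        }
        clean_children($node);                       // clean descendants first
        if (!in_array($name, KEEP_TAGS, true)) {
            while ($node->firstChild) {              // unlisted tag: keep only its content
                $parent->insertBefore($node->firstChild, $node);
            }
            $parent->removeChild($node);
            continue;
        }
        foreach (iterator_to_array($node->attributes) as $attr) {
            if (!in_array(strtolower($attr->nodeName), KEEP_ATTRS[$name] ?? [], true)) {
                $node->removeAttributeNode($attr);   // on* handlers, style, src, ...
            }
        }
        $href = trim($node->getAttribute('href'));
        if ($href !== '' && !preg_match('#^(https?://|mailto:|/|\#)#i', $href)) {
            $node->removeAttribute('href');          // javascript:, vbscript:, data:, ...
        }
    }
}

function filter_html_allowlist(string $html): string {
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);        // tolerate malformed markup
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    clean_children($body);
    $out = '';
    foreach ($body->childNodes as $node) {
        $out .= $doc->saveHTML($node);               // serialize what survived
    }
    return $out;
}

// Constructed sample input.
echo filter_html_allowlist('<p onclick="x()">Hi <a href="javascript:x()">link</a><script>x()</script> <font>there</font></p>'), "\n";
```

The result is still HTML meant for an element's body; a value placed into an attribute or a script needs escaping for that context, for example with htmlspecialchars().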
