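/*
 * Server-side filter for HTML produced by an in-browser rich-text editor.
 *
 * Translated from the author's note: most of the powerful online editors
 * already tidy and filter their output, but handling done in JavaScript is
 * bypassed easily, so the server has to filter again. The author spent a few
 * days writing this partial version, hopes it is useful, and — being limited
 * in ability — asks more capable readers to complete it.
 *
 * Review notes on the published listing:
 *  - The listing was HTML-mangled: every regex backslash appeared as "/" and
 *    line breaks as "<br>". The escapes below are decoded on that assumption
 *    (e.g. "//s+" read as "\s+") and should be checked against the original.
 *  - This is a denylist of patterns, not an allowlist: it strips a handful
 *    of known shapes (script/form/frame tags, on* attributes, javascript:
 *    and vbscript: values) and passes everything else through. A parser-based
 *    allowlist sanitizer plus context-aware output escaping is the reliable
 *    design; treat this as defence in depth, not as the trust boundary.
 *  - The original upper-cased href values with the PCRE /e modifier, which
 *    evaluates the replacement as PHP code with captured text spliced in and
 *    was removed in PHP 7 (preg_replace returns null there). It is replaced
 *    by preg_replace_callback, the supported equivalent.
 *  - preg_replace returns null on a PCRE error and the original let that
 *    null flow into the next step; here any such failure throws.
 *  - The text is lower-cased at the start and again at the end, so the
 *    filter rewrites the case of the user's content, not only of the markup.
 */

/**
 * Applies the filter pipeline to one editor submission.
 *
 * @param string $str raw HTML fragment as posted by the editor
 * @return string filtered, lower-cased HTML fragment
 * @throws RuntimeException when a regex step fails with a PCRE error
 */
function filter_editor_html(string $str): string
{
    // preg_replace wrapper: a null result means a PCRE error (e.g. backtrack
    // limit) and must not be passed on silently as "filtered" output.
    $replace = static function (string $pattern, string $replacement, string $subject): string {
        $out = preg_replace($pattern, $replacement, $subject);
        if ($out === null) {
            throw new RuntimeException('preg_replace failed (PCRE error ' . preg_last_error() . ')');
        }
        return $out;
    };

    /* Tags that must survive the on* removal below ("font" contains "on").
       The published arrays held twelve further entries that rendered as empty
       strings — the tag names were probably lost to HTML rendering; restore
       them here as matching lower-case / UPPER-CASE pairs. */
    $htm_on = ['font'];
    $htm_on_uper = ['FONT'];

    /* character normalisation */
    $str = strtolower($str);
    $str = $replace('/\s+/', ' ', $str); // collapse line breaks and other whitespace runs
    $str = $replace('/ +/', ' ', $str);  // collapse multiple spaces (kept from the original; redundant after the line above)

    /* remove several forms of script */
    // The original also carried commented-out variants of the next lines that
    // replaced the tags with a displayable copy instead of deleting them; they
    // are omitted here.
    $str = $replace('/<(script.*?)>(.*?)<(\/script.*?)>/si', '', $str); // <script …>…</script>
    $str = $replace('/<(script.*?)>/si', '', $str);                      // unclosed <script …>

    /* remove forms */
    $str = $replace('/<(\/?form.*?)>/si', '', $str);

    /* remove frames */
    $str = $replace('/<(i?frame.*?)>(.*?)<(\/i?frame.*?)>/si', '', $str);

    /* remove on* event attributes */
    // Upper-case href values so that an "on" inside a URL survives the
    // removal below (everything is lower-cased again at the end). Originally
    // done with the /e modifier; the callback form is the supported equivalent.
    $str = preg_replace_callback(
        '/href=(.+?)(["\'| |>])/i',
        static function (array $m): string {
            return 'href=' . strtoupper($m[1]) . $m[2];
        },
        $str
    );
    if ($str === null) {
        throw new RuntimeException('preg_replace_callback failed (PCRE error ' . preg_last_error() . ')');
    }
    // Same protection for tag names containing "on": converting their case is
    // simpler than expressing the exceptions in the regex.
    $str = str_replace($htm_on, $htm_on_uper, $str);
    // Drop "on…" up to the next space, "|" or ">". A "." ends the word, so a
    // name such as "icon.gif" is left alone.
    $str = $replace('/(on[^ \.<>]+?)([ |>])/s', '\2', $str);

    /* neutralise script URLs in links and other URL-bearing attributes */
    // The published pattern listed "javascript" without the trailing ":" and
    // required a space, ">" or "/" right after it, so that alternative could
    // not match a real "javascript:" value; "(?:javascript|vbscript):" fixes
    // that while keeping the group numbering used by the replacement. Note the
    // remaining limits as written: only an unquoted value reaches the
    // javascript/vbscript alternative, and the first alternative matches any
    // value containing a "." (an image file name included), which then becomes
    // "#" — confirm that is intended.
    $str = $replace(
        '/(href|src|background|url|dynsrc|expression|codebase)[=:\(]([ "\']*?\w+\..*?|(?:javascript|vbscript):[^>]*?)(\))?([ >\/])/si',
        '\1=\'#\' \3\4',
        $str
    );

    /* return lower-case text */
    $str = strtolower($str);
    // As published this call replaced "&" with "&" (a no-op); the real operands
    // were probably entity-mangled by the page — TODO recover the original.
    $str = str_replace('&', '&', $str);

    return $str;
}

// Script entry point as in the original: filter the $str already in scope.
if (isset($str) && is_string($str)) {
    $str = filter_editor_html($str);
}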