Displaying HTML content with formatting from the database
I have used wmd-editor in my cakephp v1.3 application.
The config which I have written is as follows:
wmd_options = {
output: "HTML",
lineLength: 40,
buttons: "bold italic | link blockquote code image | ol ul heading hr",
autostart: true
};
When I submit the form, the HTML in the wmd-enabled textarea is saved in the database with htmlentities() done to the text, then it is decoded with the html_entity_decode() method automatically.
But the text is displayed as it is, including the HTML coding, like this:
<p><strong>hello dear friends</strong></p>\n\n<pre><code>I want to make sure that everything that you type is visible clearly.\nadasfafas\n</code></pre>\n\n<blockquote>\n <p>sadgsagasdgxcbxcbxc</p>\n</blockquote>\n\n<p><em>sadfgsgasdsgasgs</em></p>\n\n<p><b><a href="http://kumu.in">this is the link</a></b></p>
Please help me solve this problem
Thanks
Comments (2)
For sanitization against XSS, it's generally better to save the raw HTML in the database without modification and sanitize at the time of output/display. Use the Sanitize core library.
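An added example (not part of either comment, and not CakePHP's own code) of the sanitize-at-output approach described above: decode the stored entities once, keep only an allowlist of tags and attributes, and print the result without escaping it again. The tag list, the function names and the sample string are assumptions; it needs PHP 7.1+ with the DOM extension.

```php
<?php
// Assumed allowlist, based on the WMD buttons configured in the question.
const ALLOWED_TAGS = ['p', 'strong', 'em', 'b', 'i', 'a', 'pre', 'code', 'blockquote',
                      'ol', 'ul', 'li', 'h1', 'h2', 'h3', 'hr', 'br', 'img'];
const ALLOWED_ATTRS = ['a' => ['href'], 'img' => ['src', 'alt']];

function clean_node(DOMNode $node): void
{
    // Copy the live child list first, because nodes are removed while walking it.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child->nodeType === XML_TEXT_NODE) {
            continue; // plain text is escaped again by saveHTML()
        }
        $tag = strtolower($child->nodeName);
        if ($child->nodeType !== XML_ELEMENT_NODE || !in_array($tag, ALLOWED_TAGS, true)) {
            $node->removeChild($child); // comments, CDATA, <script>, unknown tags: dropped with content
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            $ok = in_array($name, ALLOWED_ATTRS[$tag] ?? [], true);
            if ($ok && in_array($name, ['href', 'src'], true)) {
                $ok = preg_match('#^https?://#i', $attr->value) === 1; // absolute http(s) URLs only
            }
            if (!$ok) {
                $child->removeAttribute($attr->nodeName);
            }
        }
        clean_node($child);
    }
}

function sanitize_wmd_html(string $html): string
{
    libxml_use_internal_errors(true); // tolerate imperfect markup without warnings
    $doc = new DOMDocument();
    // The leading declaration makes libxml read the fragment as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('div')->item(0); // our wrapper is the first <div>
    clean_node($root);
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample: entity-encoded editor output as it might sit in the database.
$stored = '&lt;p&gt;&lt;strong&gt;hello&lt;/strong&gt; &lt;a href="javascript:void(0)" onclick="x()"&gt;link&lt;/a&gt;&lt;/p&gt;&lt;script&gt;x()&lt;/script&gt;';
echo sanitize_wmd_html(html_entity_decode($stored, ENT_QUOTES, 'UTF-8'));
```

In the view, the return value is echoed as-is; passing it through an escaping helper again would bring back the literal tags the question describes.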
Since you have set the option as
output: "HTML",
it is saved as HTML; however, you can use the strip_tags function to remove HTML tags from the text.