Drupal / CKEditor and input filtering, how to return clean values?
I have a Drupal set up with CKEditor and CCK, with a custom node which has some additional fields using CKEditor, one field being 'related_news'.
I'm trying to figure out the best practice for returning that data safely. What I have right now is:
<?php $node = node_load(35); // load node 35 ?>
<h3>Related News</h3>
<?php print $node->field_related_news['0']['value']; // raw, unfiltered field value ?>
But that returns potentially dangerous data, since no filtering is being used on it.
I've gone to my Input Settings and enabled Filtered HTML and I'm still getting this issue.
Any ideas? Best practices?
Comments (1)
First of all, when you create the CCK field, there is a setting (under Global Settings)
I hope you selected the Filtered text setting. Only then is input filtering done for that field.
The filtered string should be available as
$node->field_related_news['0']['safe']
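An added example, not part of the original question or answer: a helper that prints the `safe` value the answer refers to and fails closed when that key is not set. It assumes Drupal 6 with a CCK text field (where `check_markup()` takes the text, the format id and a `$check` flag); the function name `mytheme_safe_field_value` is hypothetical, and the presence of a `format` key on "Filtered text" fields is an assumption about how CCK stores them.

```php
<?php
// Added example for a Drupal 6 theme's template.php (assumption: Drupal 6 + CCK).
// The helper name below is hypothetical, not a Drupal or CCK API.

/**
 * Returns display-safe HTML for one delta of a CCK text field.
 */
function mytheme_safe_field_value($node, $field_name, $delta = 0) {
  if (empty($node->{$field_name}[$delta])) {
    return '';
  }
  $item = $node->{$field_name}[$delta];

  // Preferred: the value CCK already ran through the field's input format.
  if (isset($item['safe'])) {
    return $item['safe'];
  }
  if (!isset($item['value'])) {
    return '';
  }

  // "Filtered text" field (assumed to carry a 'format' id): apply that
  // input format. FALSE skips the filter_access() check against the
  // current viewer, which is what you want when showing someone else's content.
  if (isset($item['format'])) {
    return check_markup($item['value'], $item['format'], FALSE);
  }

  // No format recorded: treat the value as plain text and escape all markup.
  return check_plain($item['value']);
}

// Usage in a template, replacing the raw ['value'] print:
//   $node = node_load(35);
//   print mytheme_safe_field_value($node, 'field_related_news');
```

The fallback order matters: if neither `safe` nor a format is available, the value is escaped with `check_plain()` rather than printed raw, so a misconfigured field shows visible markup instead of executing it.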