How to display real tags from htmlspecialchars_decode?
I'm creating a CMS in PHP using Zend Framework, where I chose to save HTML templates in some parts to ease redesigning of the views and all. Now, to save those templates (views, sidebars) I had to use Zend_Filter_Input
with Zend_Filter_HtmlEntities(array('quotestyle' => ENT_QUOTES))
One of the reasons is security; the second is that I use freeRTE to output the template for editing, and freeRTE is very sensitive to quotes,
so I had to do something.
Now I'm hustling because when I try to output the template back, or worse, show it in its layout to the public, it shows raw HTML with tags; html_entity_decode and htmlspecialchars_decode could not do a thing. For example, instead of showing the image it shows the following on the page:
<div id="welcome"> <div id="welcome_img"><img src="/images/welcome.jpg" alt="welcome" /></div></div>
Any clue? If anyone has experienced this, please do share the knowledge on that. Thanks for reading.
Comments (1)
You can't use htmlentities as a filter when you save HTML. It will replace <, > and & plus all the replaceable chars.
Edit:
Remove HTMLEntities filter from saving, because saving HTML as-is would be the whole point of template-editor.
If you want to add some security related features, remove tags from the HTML and every other html tag that you find harmful! (embed?)
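
The answer's recommendation as an added example (not code from the thread): the template is sanitized once on save and stored unescaped, so the public layout can print it directly. It goes beyond "remove harmful tags" by using an allowlist; the tag and attribute lists, the URL rule, the sample markup and the textarea standing in for the editor are all assumptions.

```php
<?php
// Added example: sanitize a template on save, store it unescaped, print it as-is.
// ALLOWED_TAGS / ALLOWED_ATTRS are an assumed policy; adjust to the templates you accept.
const ALLOWED_TAGS  = ['div', 'p', 'span', 'a', 'img', 'ul', 'ol', 'li', 'h1', 'h2', 'h3', 'strong', 'em', 'br'];
const ALLOWED_ATTRS = ['id', 'class', 'href', 'src', 'alt', 'title'];

function sanitizeTemplate(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);              // tolerate sloppy editor markup
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html);
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    // Snapshot the node list first: removing nodes from a live list skips items.
    foreach (iterator_to_array($body->getElementsByTagName('*')) as $el) {
        if (!in_array(strtolower($el->nodeName), ALLOWED_TAGS, true)) {
            if ($el->parentNode) $el->parentNode->removeChild($el); // script, embed, iframe, ...
            continue;
        }
        foreach (iterator_to_array($el->attributes) as $attr) {
            $name  = strtolower($attr->nodeName);
            $isUrl = in_array($name, ['href', 'src'], true);
            // Drop on* handlers, style, etc., and URLs that are not http(s) or site-relative.
            if (!in_array($name, ALLOWED_ATTRS, true)
                || ($isUrl && !preg_match('#^(https?://|/(?!/))#i', trim($attr->nodeValue)))) {
                $el->removeAttribute($attr->nodeName);
            }
        }
    }
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample: the asker's template plus markup a template editor should not accept.
$submitted = '<div id="welcome"><div id="welcome_img"><img src="/images/welcome.jpg" alt="welcome" onclick="track()" /></div>'
           . '<script>track()</script><embed src="/a.swf"></div>';

$stored = sanitizeTemplate($submitted);   // save this value, with no HtmlEntities filter applied
echo $stored, "\n";                        // public layout: print as-is so the browser renders the tags
// Only the copy placed inside the editor's form field is escaped, and only at output time.
echo '<textarea name="tpl">', htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), '</textarea>', "\n";
```

The stored value keeps the `div` and `img` markup with `id`, `src` and `alt` intact, while the `script` and `embed` elements and the `onclick` attribute are gone.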