C#.net 文本过滤器
我想将我的文本过滤为特定格式。 假设我有一个像 Lorem Ipsum 这样的文本
,它只是印刷和排版行业的虚拟文本。自 1500 年代以来,Lorem Ipsum 一直是行业标准虚拟文本,[iframe width="200" height="300"][/iframe]Lorem Ipsum 只是印刷和排版行业的虚拟文本。 Lorem Ipsum 自 1500 年代以来一直是行业标准的虚拟文本,
我想将其转换为:
Lorem Ipsum 只是印刷和排版行业的虚拟文本。自 1500 年代以来,Lorem Ipsum 一直是行业标准虚拟文本, <代码>< iframe width="200" height="300">Lorem Ipsum 只是印刷和排版行业的虚拟文本。 Lorem Ipsum 自 1500 年代以来一直是行业标准虚拟文本,
Ex2 : [caption]My Caption[/caption] 将显示 My Caption< /span>
I want to filter my text to a particular format.
Suppose i have a text like
Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, [iframe width="200" height="300"][/iframe]Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s,
Which i want to convert like :
Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s,< iframe width="200" height="300"></iframe >Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s,
Ex2 : [caption]My Caption[/caption] will show <span class="caption">My Caption</span>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您需要解析您的内容并用 html 等效项替换预定义的“组合”。
此外,如果您接受来自成员的内容,则需要非常小心,因为您将直接通过替换来更改 html 代码。
You'd need to parse your content and replace pre-defined "combinations" with html equivalent.
Also you'd need to be very carefull if you accept content from members since you'll be directly changing the html code with the replacement.
James Deville 有一个非常好的问题 - 可能最好的解决方案是使用已经组合在一起的文本标记系统(markdown 等)。
但是,如果您决定确实需要以自定义方式执行此操作(假设会有用户输入):
只需确保不使用诸如
s/之类的内容\[/ 和s/\]/>/。这将使您容易受到漏洞的影响。有人可以输入
该内容,该内容将被翻译为
然后任何查看该文本片段的人也会无意中请求该恶意 JavaScript。
摘要:如果您这样做错误,可能会给您的网站带来严重的安全漏洞。因此,如果可能的话,请使用已经实施的系统。否则,请严格选择您接受的标签。
James Deville has a very good question - likely the best solution is to use a text markup system that has been already put together (markdown, etc.).
But if you decide you do need to do this in a custom way (assuming there will be user input):
Just make sure to NOT use anything like
s/\[/</ands/\]/>/. This will leave you wide open to vulnerabilities.Someone could enter
which would be translated into
Then anyone viewing that fragment of text would also be requesting that malicious javascript unintentionally.
Summary: If you do this wrong you can introduce serious security vulnerabilities into your site. So use an already-implemented system if at all possible. Otherwise be very selective about what tags you accept.