转义除 html 标签之外的自定义标签

发布于 2025-01-12 17:15:00 字数 626 浏览 3 评论 0原文

我想转义除 HTML 标签（如强、粗体、斜体）之外的自定义标签。

 Input: "Hello World! <notification>Name</notification><nat>Nat tag</nat> <strong>This should be strong</strong><nas>Nas Tag</nas>"

Output: Hello World! <notification>Name</notification> <nat>Nat tag</nat>**This should be strong**<nas> Nas Tag</nas>

string.replace(//g, ">") .replace(/"/g, """).replace(/'/g, "'")
.replace(/<(?!/?strong>)[^>]+>/g, '')

我尝试使用上面的替换，但它也替换 ;与<强> 任何帮助将不胜感激。

原文

I want to escape custom tags except for HTML tags such as strong, bold, italic.

 Input: "Hello World! <notification>Name</notification><nat>Nat tag</nat> <strong>This should be strong</strong><nas>Nas Tag</nas>"

Output: Hello World! <notification>Name</notification> <nat>Nat tag</nat>**This should be strong**<nas> Nas Tag</nas>

string.replace(/</g, "<").replace(/>/g, ">")
.replace(/"/g, """).replace(/'/g, "'")
.replace(/<(?!/?strong>)[^>]+>/g, '')

I tried with the above replace but it is also replacing <strong> with < strong >
any help would be appreciated.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

随风而去 2025-01-19 17:15:00

最好有一个允许标签的白名单，并“转义”列表中没有的任何内容。像这样的东西对于简单的实现来说是可行的，但一般来说，正则表达式不是一个解析 HTML 的好工具。

var input = "Hello World! <notification asdfasd=asd>Name</notification><nat>Nat tag</nat> <strong>This should be strong</strong><nas>Nas Tag</nas>"

var output = escapeCustomTags(input, ['strong'])
console.log(output);

function escapeCustomTags(input, allowed_tags = []) {

  // Make allowed tags array lower case
  allowed_tags = allowed_tags.map(c => c.toLowerCase());

  // Output is the input, edited
  var output = input;

  // Attempt to match an opening or closing HTML tag
  var reg = /<\/?([a-zA_Z0-9]*)[^>]*?>/g;

  // An array that will contain all disallowed tags
  var disallowed_tags = [];

  // For each tag in the input, if it's allowed, skip
  // Else, add it to the array.
  var match;
  while ((match = reg.exec(input)) !== null) {
    if (allowed_tags.includes(match[1].toLowerCase())) continue;
    disallowed_tags.push(match[0]);
  }

  // Replace each disallowed tag with the "escaped" version
  disallowed_tags.forEach(tag => {
    var find = tag;
    var replace = tag.replace('<', '<').replace('>', '>');
    output = output.replace(find, replace)
  });

  return output;
}

Better to have a whitelist of allowed tags and "escape" anything that isn't in the list. Something like this will work for a simple implementation, but in general, regex is not a good tool for parsing HTML.

var input = "Hello World! <notification asdfasd=asd>Name</notification><nat>Nat tag</nat> <strong>This should be strong</strong><nas>Nas Tag</nas>"

var output = escapeCustomTags(input, ['strong'])
console.log(output);

function escapeCustomTags(input, allowed_tags = []) {

  // Make allowed tags array lower case
  allowed_tags = allowed_tags.map(c => c.toLowerCase());

  // Output is the input, edited
  var output = input;

  // Attempt to match an opening or closing HTML tag
  var reg = /<\/?([a-zA_Z0-9]*)[^>]*?>/g;

  // An array that will contain all disallowed tags
  var disallowed_tags = [];

  // For each tag in the input, if it's allowed, skip
  // Else, add it to the array.
  var match;
  while ((match = reg.exec(input)) !== null) {
    if (allowed_tags.includes(match[1].toLowerCase())) continue;
    disallowed_tags.push(match[0]);
  }

  // Replace each disallowed tag with the "escaped" version
  disallowed_tags.forEach(tag => {
    var find = tag;
    var replace = tag.replace('<', '<').replace('>', '>');
    output = output.replace(find, replace)
  });

  return output;
}

回复收藏 0 原文

~没有更多了~