问题
I want to send HTML content by POST. But when fetching it and sanitizing it it also cleans the HTML characters.
$Code = filter_var_array($value, FILTER_SANITIZE_STRING);
WHen I send :
I would like to <strong>Save this data</strong>
I receive :
I would like to Save this data
What should I change to create a safe string?
edit : In my form I have a WYSIWYG editor (FCK Editor) and it's contents is where I am after.
回答1:
I have used HTMLPurifier which is a PHP filter library to sanitize HTML input.
Basic usage is something like this;
include_once('/htmlpurifier/library/HTMLpurifier.auto.php');
$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);
$clean['htmlData'] = $purifier->purify($_POST['htmlData']);
来源:https://stackoverflow.com/questions/28049391/sanitize-post-content-with-html-contents