问题描述

我经营一个论坛，并且有一个选项可以在帖子中启用完整的html编码.但是，它没有选择禁用javascript和标签，这让我很恼火.出于安全原因，我想禁用它们，这使我想到了一个问题:是否可以通过jquery或javascript实现此目的?我一直在搜索，但无济于事.

I run a forum and there's an option to enable full html coding in posts. However, it does not have the option to disable javascript and tags, to my chagrin. For security reasons, I wanted to disable them, which brings me to the question: is there any way via jquery or javascript to accomplish this? I have been searching for it but to no avail.

注意:所有帖子都包含在<div class="postcolor"></div>标记中.

Note: All posts are enclosed in <div class="postcolor"></div> tags.

谢谢！

推荐答案

实际上，这个问题比您想象的要复杂.即使删除脚本标签，当用户插入<a href="javascript:function();">,之类的内容或禁用Javascript时，会发生什么情况?

This question is actually more complicated then you think. Even if you remove script tags, what happens when the user inserts something like <a href="javascript:function();">,, or Javascript is disabled?

使用服务器端语言为您执行此处理会更好.由于PHP是一种常用的服务器端语言，因此下面是PHP的strip_tags()函数(作为示例):

It would be much better to use a server-side language to do this processing for you. Since PHP is a commonly used server-side language, here's PHP's strip_tags() function (as an example):

$allowed_tags = "<p><strong><i>";
strip_tags($post, $allowed_tags);

这篇关于禁用元素内的某些标签和JavaScript?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！