本文介绍了禁用元素内的某些标签和JavaScript?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我经营一个论坛,并且有一个选项可以在帖子中启用完整的html编码.但是,它没有选择禁用javascript和标签,这让我很恼火.出于安全原因,我想禁用它们,这使我想到了一个问题:是否可以通过jquery或javascript实现此目的?我一直在搜索,但无济于事.

I run a forum and there's an option to enable full html coding in posts. However, it does not have the option to disable javascript and tags, to my chagrin. For security reasons, I wanted to disable them, which brings me to the question: is there any way via jquery or javascript to accomplish this? I have been searching for it but to no avail.

注意:所有帖子都包含在<div class="postcolor"></div>标记中.

Note: All posts are enclosed in <div class="postcolor"></div> tags.

谢谢!

推荐答案

实际上,这个问题比您想象的要复杂.即使删除脚本标签,当用户插入<a href="javascript:function();">,之类的内容或禁用Javascript时,会发生什么情况?

This question is actually more complicated then you think. Even if you remove script tags, what happens when the user inserts something like <a href="javascript:function();">,, or Javascript is disabled?

使用服务器端语言为您执行此处理会更好.由于PHP是一种常用的服务器端语言,因此下面是PHP的strip_tags()函数(作为示例):

It would be much better to use a server-side language to do this processing for you. Since PHP is a commonly used server-side language, here's PHP's strip_tags() function (as an example):

$allowed_tags = "<p><strong><i>";
strip_tags($post, $allowed_tags);

这篇关于禁用元素内的某些标签和JavaScript?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-18 10:14