Updated: 2022-06-26 04:46:46
There's no simple method to accept HTML, but not scripts.
You have to parse HTML to DOM, remove all unwanted elements and attributes in DOM and generate new HTML.
It can't be done reliably with regular expressions.
on* attributes are not enough. Scripts can be embedded in style, src, href and other attributes.
If you're using PHP, then use HTML Purifier.
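
An added example (not part of the original answer, and not HTML Purifier's code) of the parse, filter and regenerate approach described above, written in Python. It assumes a small constructed allowlist and uses the standard library's `html.parser` event stream instead of a full DOM tree, so it shows the allowlist logic and is not a substitute for a maintained sanitizer.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed allowlist for this example: tag -> attributes it may keep.
ALLOWED = {"p": set(), "b": set(), "i": set(), "ul": set(), "li": set(),
           "br": set(), "a": {"href", "title"}, "img": {"src", "alt"}}
VOID = {"br", "img"}                  # elements with no closing tag
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto", ""}   # "" means a relative URL
DROP_CONTENT = {"script", "style"}    # discard the enclosed text as well

def url_ok(value):
    # Browsers ignore tabs/newlines in URLs ("java\tscript:" is javascript:).
    compact = "".join(ch for ch in value if ord(ch) > 0x20)
    head = re.split(r"[/?#]", compact, maxsplit=1)[0]
    return (head.split(":", 1)[0].lower() if ":" in head else "") in SAFE_SCHEMES

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open, self.skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED:
            return                    # unknown element: tag dropped, text kept
        kept = [(n, v or "") for n, v in attrs if n in ALLOWED[tag]]  # no on*, style
        kept = [(n, v) for n, v in kept if n not in URL_ATTRS or url_ok(v)]
        self.out.append("<" + tag + "".join(
            f' {n}="{escape(v, quote=True)}"' for n, v in kept) + ">")
        if tag not in VOID:
            self.open.append(tag)
    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.open:
            i = len(self.open) - 1 - self.open[::-1].index(tag)
            self.out += [f"</{t}>" for t in reversed(self.open[i:])]
            del self.open[i:]         # also closes tags left open inside it
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize(html):
    s = Sanitizer()
    s.feed(html)
    s.close()
    return "".join(s.out + [f"</{t}>" for t in reversed(s.open)])
```

Attribute values arrive from the parser already entity-decoded, which is why the scheme check also catches an entity-encoded `javascript:` URL.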