Currently, when users submit content at the front-end, they generally use the html editor, which not only enriches the submitted content, but also brings a better user experience, however, the danger is that some users submit malicious html code and other illegal characters, which may cause page confusion.
Currently, when users submit content at the front-end, they generally use the html editor, which not only enriches the submitted content, but also brings a better user experience, however, the danger is that some users submit malicious html code and other illegal characters, which may cause page confusion. you can use the following filter function to relax...
See the following php code:
] *?)> /IsU ", // filters malicious code such as scripts. you can also add the object filter flash"/(<[^>] *) on [a-zA-Z] + \ s * = ([^>] *>)/isU ", // filter javascript on events ); $ tarr = array ("", "<\ 1 \ 2 \ 3>", // If you want to directly clear insecure tags, "\ 1 \ 2",); $ str = preg_replace ($ farr, $ tarr, $ str); return $ str ;} // echo filter ("script" alert ('www .phpddt.com '> script ") in a small demo;?>
Running result: <script> alert ('www .phpddt.com '> </script>
Seeing the results, we can easily solve the security crisis...