How does mysql-Rich Text Editor work with php Background Development?

Source: Internet
Author: User
Tags bbcode

1: But I keep wondering, isn't it because the data submitted by the client needs to be filtered? Otherwise, isn't it XSS? Is DZ processed in UBB?

2: After those rich text editors are finally submitted to the server, can those containing html code be directly stored in the database? Are users not allowed to do this?

3: What is the principle of the Markdown editor of SF? Does the background database store the html and js Code we entered?

4 ......

I have been using text boxes before, and the back end filters out all the tags directly. This is so simple, but only plain text is available, and users cannot post anything as powerful as they can on DZ. Now I want to use a rich text editor, but I don't know how to connect a rich text editor, such as Baidu's or SF's, to the PHP back end.

Then the rich text editor inserts an image, which is to upload the image, then return the image address, and insert it into the content. What about the attachment upload of DZ, where the images in the post are also lazy-loaded? How can this be achieved? If the img tag is inserted directly into the content, isn't it possible, or what image placeholder or something is used, then JS will operate the attachment data ......

I don't understand it. I hope the experts can explain it to me. It would be much easier to see the code after I know the principle. Thank you!

Reply content:

HTML code is stored directly in the database.
The various editors generate HTML code, and clicking Submit submits the HTML code.
Do you have any questions?
HTML has a pre tag. Do you want to create it?

To prevent JS injection.
Very easy. Before PHP outputs to the front end, use the str_replace function to replace < with & lt; (remove the space) and replace > with & gt; (remove the space).
Please refer to Baidu "HTML special character encoding".
Make sure that the tag does not work, and the JS code will not be executed.

The simplest and crudest method to defend against XSS attacks is to use htmlspecialchars to replace the special characters (&, ", ', <, >) with HTML entities (&amp;, &quot;, &#039;, &lt;, &gt;) on output.


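  // Escape the special characters, then turn line breaks into <br> tags.
  $html = htmlspecialchars($html, ENT_QUOTES, 'UTF-8');
  $html = str_replace(array("\r\n", "\r", "\n"), '<br>', $html);
  echo $html;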

The above implementation is very simple and secure, and the display is refreshing. The editor is just like a common text box textarea.

To defend against XSS attacks, the most complicated method is to write regular expression filtering by yourself. However, the HTMLPurifier library can also complete or remove incomplete tags in addition to filtering XSS code.


  $purifier = new HTMLPurifier();
  $html = $purifier->purify($html);

You can use the BBCode or Markdown tag to define some HTML functions, such as BBCode:

  [b]Bold Text[/b]
  [color=#FF0000]Red text[/color]
  [img=PunBB bbcode test]http://127.0.0.1:8080/punbb/img/test.png[/img]
  [url=http://127.0.0.1:8080/punbb/]PunBB forum[/url]

The user enters the BBCode tags in the text box. When the page is output, the BBCode is replaced with HTML by regular expressions, which is filtered by HTMLPurifier and then output safely.

The editor of SF is the markdown syntax editor. The source code is as follows:

A well-structured, easy-to-maintain, modern PHP Markdown parser

I also see the kind of editor on the internet, tangled
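
The BBCode-to-HTML step discussed in the replies, as an added example that is not part of the original thread: it escapes the input with htmlspecialchars first and then converts only an allowlist of tags, instead of passing the result through HTMLPurifier. The function name render_bbcode and the sample post are assumptions constructed for illustration.

```php
<?php
// Added example (not from the original thread). render_bbcode() and the
// sample post are hypothetical names/values constructed for illustration.
function render_bbcode(string $text): string
{
    // 1. Escape everything first: no user-supplied <, >, " or ' survives as markup.
    $html = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Tags that carry attributes go first. Attribute values may not contain
    //    [ or ], so HTML generated by a later rule can never land inside one.
    //    Only http/https URLs are accepted; any other scheme is left as text.
    $html = preg_replace(
        '~\[img=([^\[\]]*)\](https?://[^\s\[\]]+)\[/img\]~i',
        '<img src="$2" alt="$1" loading="lazy">',
        $html
    );
    $html = preg_replace(
        '~\[url=(https?://[^\s\[\]]+)\](.*?)\[/url\]~is',
        '<a href="$1" rel="nofollow noopener">$2</a>',
        $html
    );
    $html = preg_replace(
        '~\[color=#([0-9a-f]{6}|[0-9a-f]{3})\](.*?)\[/color\]~is',
        '<span style="color:#$1">$2</span>',
        $html
    );

    // 3. Attribute-free tags map to fixed HTML.
    $html = preg_replace('~\[b\](.*?)\[/b\]~is', '<strong>$1</strong>', $html);

    // 4. Line breaks become <br>, as in the htmlspecialchars snippet in the replies.
    return str_replace(array("\r\n", "\r", "\n"), '<br>', $html);
}

// Constructed sample post: valid BBCode mixed with input that must stay inert.
$post = "[b]Bold Text[/b] [color=#FF0000]Red text[/color]\n"
      . "[url=http://127.0.0.1:8080/punbb/]PunBB forum[/url]\n"
      . "<script>alert(1)</script> [url=javascript:alert(1)]click[/url]";

echo render_bbcode($post), "\n";
```

Store the raw BBCode in the database and call the renderer at output time, so the allowlist can be tightened later without rewriting stored posts.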
