如何解决符合HTML5的HTML过滤器
| 有没有简单的方法可以为HTMLPurifier添加HTML5规则集? 可以将HP配置为通过以下方式识别新标签:// setup configurable HP instance
$config = HTMLPurifier_Config::createDefault();
$config->set(\'HTML.DefinitionID\',\'html5 draft\');
$config->set(\'HTML.DefinitionRev\',1);
$config->set(\'Cache.DefinitionImpl\',null); // no caching
$def = $config->getHTMLDefinition(true);
// add a new tag
$form = $def->addElement(
\'article\',// name
\'Block\',// content set
\'Flow\',// allowed children
\'Common\',// attribute collection
array( // attributes
)
);
// add a new attribute
$def->addAttribute(\'a\',\'contextmenu\',\"ID\");
但是,这显然是一项工作。由于必须注册许多新的HTML5标签和属性。并且即使使用现有的HTML 4标签,新的全局属性也应该可以组合。 (很难从文档中判断如何扩充核心规则)。因此,是否有更有用的配置格式/数组结构可将新的和更新的标记+属性+上下文配置(内联/块/空/流/ ..)馈送到HTMLPurifier中?
# mostly confused about how to extend existing tags:
$def->addAttribute(\'input\',\'type\',\"...|...|...\");
# or how to allow data-* attributes (if I actually wanted that):
$def->addAttribute(\"data-*\",...
当然,并非所有新的HTML5标签都适合无限制的配额。 HTMLPurifier就是关于内容过滤的。定义值约束就是在这里。 -例如,<canvas>
在用户内容中显示时可能没什么大不了的。因为没有Javascript(HP已经过滤掉了),它充其量是没有用的。但是其他标签和属性可能是不可取的。因此,灵活的配置结构对于启用/禁用标签及其相关属性至关重要。
(猜猜我应该更新一些研究...)。但是,仍然没有适合HP配置的实用的纲要/规范(不,XML DTD不是)。
http://simon.html5.org/html-elements
http://www.w3.org/TR/html5-diff/#new-elements
http://www.w3.org/TR/html5-diff/#new-attributes
(嗯,HTML5不再是草稿。)
解决方法
php tidy扩展名可以配置为识别html5标签。 http://tidy.sourceforge.net/docs/quickref.html#new-blocklevel-tags
,HTMLpurify具有此配置,以允许更新的HTML5标签。
来源:https://github.com/kennberg/php-htmlpurfier-html5
。
<?php
/**
* Load HTMLPurifier with HTML5,TinyMCE,YouTube,Video support.
*
* Copyright 2014 Alex Kennberg (https://github.com/kennberg/php-htmlpurifier-html5)
*
* Licensed under the Apache License,Version 2.0 (the \"License\");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,software
* distributed under the License is distributed on an \"AS IS\" BASIS,* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
require_once(LIB_DIR . \'third-party/htmlpurifier/HTMLPurifier.safe-includes.php\');
function load_htmlpurifier($allowed) {
$config = HTMLPurifier_Config::createDefault();
$config->set(\'HTML.Doctype\',\'HTML 4.01 Transitional\');
$config->set(\'CSS.AllowTricky\',true);
$config->set(\'Cache.SerializerPath\',\'/tmp\');
// Allow iframes from:
// o YouTube.com
// o Vimeo.com
$config->set(\'HTML.SafeIframe\',true);
$config->set(\'URI.SafeIframeRegexp\',\'%^(http:|https:)?//(www.youtube(?:-nocookie)?.com/embed/|player.vimeo.com/video/)%\');
$config->set(\'HTML.Allowed\',implode(\',\',$allowed));
// Set some HTML5 properties
$config->set(\'HTML.DefinitionID\',\'html5-definitions\'); // unqiue id
$config->set(\'HTML.DefinitionRev\',1);
if ($def = $config->maybeGetRawHTMLDefinition()) {
// http://developers.whatwg.org/sections.html
$def->addElement(\'section\',\'Block\',\'Flow\',\'Common\');
$def->addElement(\'nav\',\'Common\');
$def->addElement(\'article\',\'Common\');
$def->addElement(\'aside\',\'Common\');
$def->addElement(\'header\',\'Common\');
$def->addElement(\'footer\',\'Common\');
// Content model actually excludes several tags,not modelled here
$def->addElement(\'address\',\'Common\');
$def->addElement(\'hgroup\',\'Required: h1 | h2 | h3 | h4 | h5 | h6\',\'Common\');
// http://developers.whatwg.org/grouping-content.html
$def->addElement(\'figure\',\'Optional: (figcaption,Flow) | (Flow,figcaption) | Flow\',\'Common\');
$def->addElement(\'figcaption\',\'Inline\',\'Common\');
// http://developers.whatwg.org/the-video-element.html#the-video-element
$def->addElement(\'video\',\'Optional: (source,source) | Flow\',\'Common\',array(
\'src\' => \'URI\',\'type\' => \'Text\',\'width\' => \'Length\',\'height\' => \'Length\',\'poster\' => \'URI\',\'preload\' => \'Enum#auto,metadata,none\',\'controls\' => \'Bool\',));
$def->addElement(\'source\',));
// http://developers.whatwg.org/text-level-semantics.html
$def->addElement(\'s\',\'Common\');
$def->addElement(\'var\',\'Common\');
$def->addElement(\'sub\',\'Common\');
$def->addElement(\'sup\',\'Common\');
$def->addElement(\'mark\',\'Common\');
$def->addElement(\'wbr\',\'Empty\',\'Core\');
// http://developers.whatwg.org/edits.html
$def->addElement(\'ins\',array(\'cite\' => \'URI\',\'datetime\' => \'CDATA\'));
$def->addElement(\'del\',\'datetime\' => \'CDATA\'));
// TinyMCE
$def->addAttribute(\'img\',\'data-mce-src\',\'Text\');
$def->addAttribute(\'img\',\'data-mce-json\',\'Text\');
// Others
$def->addAttribute(\'iframe\',\'allowfullscreen\',\'Bool\');
$def->addAttribute(\'table\',\'height\',\'Text\');
$def->addAttribute(\'td\',\'border\',\'Text\');
$def->addAttribute(\'th\',\'Text\');
$def->addAttribute(\'tr\',\'width\',\'Text\');
}
return new HTMLPurifier($config);
}
,即时通讯使用的WordPress修复程序,但也许这也可以帮助您(至少对于数组部分)
http://nicolasgallagher.com/using-html5-elements-in-wordpress-post-content/
http://hybridgarden.com/blog/misc/adding-html5-capability-to-wordpress/
也:
http://code.google.com/p/html5lib/的Python和PHP实现
基于WHATWG HTML5规范的HTML解析器
与主要的桌面网络浏览器兼容。
,我知道这个话题确实很老,但是由于它仍然很重要,因此我决定做出回应。自最初提出问题以来,尤其是当景观发生变化时。
您可以使用https://github.com/xemlock/htmlpurifier-html5,它使用符合规范的HTML5元素和属性定义扩展了HTML Purifier。
用法与原始HTML Purifier几乎相同,只需将HTMLPurifier_Config
替换为HTMLPurifier_HTML5Config
:
$config = HTMLPurifier_HTML5Config::createDefault();
$purifier = new HTMLPurifier($config);
$clean_html5 = $purifier->purify($dirty_html5);
免责声明:我是扩展程序的作者。
,Gallery Role具有基于HTMLPurifier的实验性HTML5解析器:
https://github.com/gallery/gallery3-vendor/blob/master/htmlpurifier/modified/HTMLPurifier/Lexer/PH5P.php
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。