符合HTML5的HTML过滤器

如何解决符合HTML5的HTML过滤器

| 有没有简单的方法可以为HTMLPurifier添加HTML5规则集？可以将HP配置为通过以下方式识别新标签：

// setup configurable HP instance
$config = HTMLPurifier_Config::createDefault();
$config->set(\'HTML.DefinitionID\',\'html5 draft\');
$config->set(\'HTML.DefinitionRev\',1);
$config->set(\'Cache.DefinitionImpl\',null); // no caching
$def = $config->getHTMLDefinition(true);

// add a new tag
$form = $def->addElement(
  \'article\',// name
  \'Block\',// content set
  \'Flow\',// allowed children
  \'Common\',// attribute collection
  array(       // attributes
  )
);

// add a new attribute
$def->addAttribute(\'a\',\'contextmenu\',\"ID\");

但是，这显然是一项工作。由于必须注册许多新的HTML5标签和属性。并且即使使用现有的HTML 4标签，新的全局属性也应该可以组合。（很难从文档中判断如何扩充核心规则）。因此，是否有更有用的配置格式/数组结构可将新的和更新的标记+属性+上下文配置（内联/块/空/流/ ..）馈送到HTMLPurifier中？

# mostly confused about how to extend existing tags:
$def->addAttribute(\'input\',\'type\',\"...|...|...\");

# or how to allow data-* attributes (if I actually wanted that):
$def->addAttribute(\"data-*\",...

当然，并非所有新的HTML5标签都适合无限制的配额。 HTMLPurifier就是关于内容过滤的。定义值约束就是在这里。 -例如，<canvas>在用户内容中显示时可能没什么大不了的。因为没有Javascript（HP已经过滤掉了），它充其量是没有用的。但是其他标签和属性可能是不可取的。因此，灵活的配置结构对于启用/禁用标签及其相关属性至关重要。（猜猜我应该更新一些研究...）。但是，仍然没有适合HP配置的实用的纲要/规范（不，XML DTD不是）。 http://simon.html5.org/html-elements http://www.w3.org/TR/html5-diff/#new-elements http://www.w3.org/TR/html5-diff/#new-attributes （嗯，HTML5不再是草稿。）

解决方法

php tidy扩展名可以配置为识别html5标签。 http://tidy.sourceforge.net/docs/quickref.html#new-blocklevel-tags ,HTMLpurify具有此配置，以允许更新的HTML5标签。来源：https://github.com/kennberg/php-htmlpurfier-html5 。

<?php
/**
 * Load HTMLPurifier with HTML5,TinyMCE,YouTube,Video support.
 *
 * Copyright 2014 Alex Kennberg (https://github.com/kennberg/php-htmlpurifier-html5)
 *
 * Licensed under the Apache License,Version 2.0 (the \"License\");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,software
 * distributed under the License is distributed on an \"AS IS\" BASIS,* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

require_once(LIB_DIR . \'third-party/htmlpurifier/HTMLPurifier.safe-includes.php\');


function load_htmlpurifier($allowed) {
  $config = HTMLPurifier_Config::createDefault();
  $config->set(\'HTML.Doctype\',\'HTML 4.01 Transitional\');
  $config->set(\'CSS.AllowTricky\',true);
  $config->set(\'Cache.SerializerPath\',\'/tmp\');

  // Allow iframes from:
  // o YouTube.com
  // o Vimeo.com
  $config->set(\'HTML.SafeIframe\',true);
  $config->set(\'URI.SafeIframeRegexp\',\'%^(http:|https:)?//(www.youtube(?:-nocookie)?.com/embed/|player.vimeo.com/video/)%\');

  $config->set(\'HTML.Allowed\',implode(\',\',$allowed));

  // Set some HTML5 properties
  $config->set(\'HTML.DefinitionID\',\'html5-definitions\'); // unqiue id
  $config->set(\'HTML.DefinitionRev\',1);

  if ($def = $config->maybeGetRawHTMLDefinition()) {
    // http://developers.whatwg.org/sections.html
    $def->addElement(\'section\',\'Block\',\'Flow\',\'Common\');
    $def->addElement(\'nav\',\'Common\');
    $def->addElement(\'article\',\'Common\');
    $def->addElement(\'aside\',\'Common\');
    $def->addElement(\'header\',\'Common\');
    $def->addElement(\'footer\',\'Common\');

    // Content model actually excludes several tags,not modelled here
    $def->addElement(\'address\',\'Common\');
    $def->addElement(\'hgroup\',\'Required: h1 | h2 | h3 | h4 | h5 | h6\',\'Common\');

    // http://developers.whatwg.org/grouping-content.html
    $def->addElement(\'figure\',\'Optional: (figcaption,Flow) | (Flow,figcaption) | Flow\',\'Common\');
    $def->addElement(\'figcaption\',\'Inline\',\'Common\');

    // http://developers.whatwg.org/the-video-element.html#the-video-element
    $def->addElement(\'video\',\'Optional: (source,source) | Flow\',\'Common\',array(
      \'src\' => \'URI\',\'type\' => \'Text\',\'width\' => \'Length\',\'height\' => \'Length\',\'poster\' => \'URI\',\'preload\' => \'Enum#auto,metadata,none\',\'controls\' => \'Bool\',));
    $def->addElement(\'source\',));

    // http://developers.whatwg.org/text-level-semantics.html
    $def->addElement(\'s\',\'Common\');
    $def->addElement(\'var\',\'Common\');
    $def->addElement(\'sub\',\'Common\');
    $def->addElement(\'sup\',\'Common\');
    $def->addElement(\'mark\',\'Common\');
    $def->addElement(\'wbr\',\'Empty\',\'Core\');

    // http://developers.whatwg.org/edits.html
    $def->addElement(\'ins\',array(\'cite\' => \'URI\',\'datetime\' => \'CDATA\'));
    $def->addElement(\'del\',\'datetime\' => \'CDATA\'));

    // TinyMCE
    $def->addAttribute(\'img\',\'data-mce-src\',\'Text\');
    $def->addAttribute(\'img\',\'data-mce-json\',\'Text\');

    // Others
    $def->addAttribute(\'iframe\',\'allowfullscreen\',\'Bool\');
    $def->addAttribute(\'table\',\'height\',\'Text\');
    $def->addAttribute(\'td\',\'border\',\'Text\');
    $def->addAttribute(\'th\',\'Text\');
    $def->addAttribute(\'tr\',\'width\',\'Text\');
  }

  return new HTMLPurifier($config);
}

,即时通讯使用的WordPress修复程序，但也许这也可以帮助您（至少对于数组部分） http://nicolasgallagher.com/using-html5-elements-in-wordpress-post-content/ http://hybridgarden.com/blog/misc/adding-html5-capability-to-wordpress/ 也： http://code.google.com/p/html5lib/的Python和PHP实现基于WHATWG HTML5规范的HTML解析器与主要的桌面网络浏览器兼容。 ,我知道这个话题确实很老，但是由于它仍然很重要，因此我决定做出回应。自最初提出问题以来，尤其是当景观发生变化时。您可以使用https://github.com/xemlock/htmlpurifier-html5，它使用符合规范的HTML5元素和属性定义扩展了HTML Purifier。用法与原始HTML Purifier几乎相同，只需将HTMLPurifier_Config替换为HTMLPurifier_HTML5Config：

$config = HTMLPurifier_HTML5Config::createDefault();
$purifier = new HTMLPurifier($config);

$clean_html5 = $purifier->purify($dirty_html5);

免责声明：我是扩展程序的作者。 ,Gallery Role具有基于HTMLPurifier的实验性HTML5解析器： https://github.com/gallery/gallery3-vendor/blob/master/htmlpurifier/modified/HTMLPurifier/Lexer/PH5P.php

符合HTML5的HTML过滤器

如何解决符合HTML5的HTML过滤器

解决方法

相关推荐