PHP 移除 JavaScript
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1886740/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP Remove JavaScript
提问by Saxtor
I am trying to remove JavaScript from the HTML.
我正在尝试从 HTML 中删除 JavaScript。
I can't get the regular expression to work with PHP; it's giving me an null array. Why?
我无法让正则表达式与 PHP 一起使用;它给了我一个空数组。为什么?
<?php
$var = '
<script type="text/javascript">
function selectCode(a)
{
var e = a.parentNode.parentNode.getElementsByTagName(PRE)[0];
if (window.getSelection)
{
var s = window.getSelection();
if (s.setBaseAndExtent)
{
s.setBaseAndExtent(e, 0, e, e.innerText.length - 1);
}
else
{
var r = document.createRange();
r.selectNodeContents(e);
s.removeAllRanges();
s.addRange(r);
}
}
else if (document.getSelection)
{
var s = document.getSelection();
var r = document.createRange();
r.selectNodeContents(e);
s.removeAllRanges();
s.addRange(r);
}
else if (document.selection)
{
var r = document.body.createTextRange();
r.moveToElementText(e);
r.select();
}
}
</script>
';
function remove_javascript($java){
echo preg_replace('/<script\b[^>]*>(.*?)<\/script>/i', "", $java);
}
?>
回答by Tjofras
this should do it:
这应该这样做:
echo preg_replace('/<script\b[^>]*>(.*?)<\/script>/is', "", $var);
/s is so that the dot . matches newlines too.
/s 是这样的点。也匹配换行符。
Just a warning, you should not use this type of regexp to sanitize user input for a website. There is just too many ways to get around it. For sanitizing use something like the http://htmlpurifier.org/library
只是一个警告,您不应该使用这种类型的正则表达式来清理网站的用户输入。绕过它的方法太多了。为了消毒使用类似http://htmlpurifier.org/库的东西
回答by deceze
This might do more than you want, but depending on your situation you might want to look at strip_tags.
这可能比您想要的更多,但根据您的情况,您可能需要查看strip_tags.
回答by Soe Min Thu
function clean_jscode($script_str) {
$script_str = htmlspecialchars_decode($script_str);
$search_arr = array('<script', '</script>');
$script_str = str_ireplace($search_arr, $search_arr, $script_str);
$split_arr = explode('<script', $script_str);
$remove_jscode_arr = array();
foreach($split_arr as $key => $val) {
$newarr = explode('</script>', $split_arr[$key]);
$remove_jscode_arr[] = ($key == 0) ? $newarr[0] : $newarr[1];
}
return implode('', $remove_jscode_arr);
}
回答by tosh
In your case you could regard the string as a list of newline delimited strings and remove the lines containing the script tags(first & second to last) and you wouldn't even need regular expressions.
在您的情况下,您可以将字符串视为换行符分隔的字符串列表,并删除包含脚本标记的行(第一个和第二个到最后一个),您甚至不需要正则表达式。
Though if what you are trying to do is preventing XSSit might not be sufficient to only remove script tags.
但是,如果您尝试做的是防止XSS,那么仅删除脚本标签可能是不够的。
回答by bng44270
Here's an idea
这是一个想法
while (true) {
if ($beginning = strpos($var,"<script")) {
$stringLength = (strpos($var,"</script>") + strlen("</script>")) - $beginning;
substr_replace($var, "", $beginning, $stringLength);
} else {
break
}
}
回答by Tamás Pap
I use this:
我用这个:
function clear_text($s) {
$do = true;
while ($do) {
$start = stripos($s,'<script');
$stop = stripos($s,'</script>');
if ((is_numeric($start))&&(is_numeric($stop))) {
$s = substr($s,0,$start).substr($s,($stop+strlen('</script>')));
} else {
$do = false;
}
}
return trim($s);
}
回答by pejman kheyri
this was very usefull for me. try this code.
这对我非常有用。试试这个代码。
while(($pos = stripos($content,"<script"))!==false){
$end_pos = stripos($content,"</script>");
$start = substr($content, 0, $pos);
$end = substr($content, $end_pos+strlen("</script>"));
$content = $start.$end;
}
$text = strip_tags($content);
