php - Apply htmlentities to stripped tags -

-

researched links:

how apply htmlentities selectively? , php function strip tags, except list of whitelisted tags , attributes

they close not expected.

what have tried?

<?php define('charset', 'utf-8'); define('replace_flags', ent_html5);  function htmlcleaned($string) {     $string = htmlentities($string);     return str_replace(     array("&lt;i&gt;", "&lt;b&gt;", "&lt;/i&gt;", "&lt;/b&gt;", "&lt;p&gt;", "&lt;/p&gt;"),     array("<i>", "<b>", "</i>", "</b>", "<p>", "</p>"), $string); }  echo htmlcleaned("<p>how you?</p><p><b>this bold</b></p><p><i>this italic</i></p><p><u>this underline</u></p><p><br></p><ul><li>this list item 1</li><li>this list item 2</li></ul><p><br></p><ol><li>this ordered list item 1</li><li>this ordered list item 2</li></ol><p><a target='_blank' style='color: #1c5c76;' href='http://www.google.com'>http://www.google.com</a></p><p>this plain text again.<br></p><script>alert('attempt csrf');</script><p><p>this p tag example</p></p>"); ?>

what want achieve?

if input is:

<b><script>alert("something");</script></b>

then output be:

<b>&lt;script&rt;("something");&lt;/script$rt;</b>

there no specific blacklist there specific white list.

this function might you, not highly tested. htmlentities on tags except tags specify

function html_entity_decode_matches($matches){     return html_entity_decode($matches[0]);  } function htmlentities_exclude($string, $exclude_array){     $string = htmlentities($string); //htmlentities     $ent_sl = "&gt;"; //>     if (is_array($exclude_array) , !empty($exclude_array)){         foreach($exclude_array $exc){             $exc = str_replace(array("<", ">"), "", $exc);             $ent = str_replace("/", "\/", htmlentities("<{$exc}"));             $ent_e = str_replace("/", "\/", htmlentities("</{$exc}>"));             //do decode on <tag...>             $string = preg_replace_callback("/{$ent}(.*?){$ent_sl}/", "html_entity_decode_matches", $string);             //do decode on <\tag>             $string = preg_replace_callback("/{$ent_e}/", "html_entity_decode_matches", $string);         }     }     return $string; } 
echo htmlentities_exclude('<b><script>alert("something");</script></b>', array("<b>"));  output: <b>&lt;script&gt;alert(&quot;something&quot;);&lt;/script&gt;</b>

Comments

Post a Comment

Popular posts from this blog

javascript - Laravel datatable invalid JSON response -

-
everything work fine on code below fetch user logs: js: <script> $(document).ready(function () { var table =$('#systemlogs').datatable({ responsive: true, processing: true, serverside: true, "language": { "url": "/datatables/media/plug-in/persian.json" }, ajax: '{!! url('/admin/systemlogs/data/systemlogsdatatable') !!}', columns: [ { data: 'name', name: 'name' }, { data: 'message_text', name: 'message_text' }, { data: 'remote_addr', name: 'remote_addr' }, { data: 'log_created_at', name: 'management_logs.created_at' }, { data: 'log_updated_at', name: 'management_logs.updated_at' }, ] }); }); </script> routes: route::get('/systemlogs/data/systemlogsdatatable','systemlogscontrolle...
Read more

java - Exception in thread "main" org.springframework.context.ApplicationContextException: Unable to start embedded container; -

-
i getting error when run spring application: exception in thread "main" org.springframework.context.applicationcontextexception: unable start embedded container; nested exception org.springframework.context.applicationcontextexception: unable start embeddedwebapplicationcontext due missing embeddedservletcontainerfactory bean. @ org.springframework.boot.context.embedded.embeddedwebapplicationcontext.onrefresh(embeddedwebapplicationcontext.java:124) @ org.springframework.context.support.abstractapplicationcontext.refresh(abstractapplicationcontext.java:476) @ org.springframework.boot.context.embedded.embeddedwebapplicationcontext.refresh(embeddedwebapplicationcontext.java:109) @ org.springframework.boot.springapplication.refresh(springapplication.java:691) @ org.springframework.boot.springapplication.run(springapplication.java:320) @ org.springframework.boot.springapplication.run(springapplication.java:952) @ org.springframework.boot.springa...
Read more

sql server 2008 - My Sql Code Get An Error Of Msg 245, Level 16, State 1, Line 1 Conversion failed when converting the varchar value '8:45 AM' to data type int -

-
msg 245, level 16, state 1, line 1 conversion failed when converting varchar value '8:45 am' data type int. script declare @specimenid bigint = 0, @script varchar(max); declare @starttime int = (select convert(int,substring(start_time,0,charindex(':', start_time)) - 12) appt appt._id=112601) --select @starttime set @script = 'select distinct ptlast_name + '', '' + pt.first_name patient_name, dbo.formatdate(pt.dob,''mm/dd/yyyy'') dob, (convert(varchar, (datediff(yy, dob, appt_date) - case when (month(dob) > month(appt_date)) or (month(dob) = month(appt_date) , day(dob) > day(appt_date)) 1 else 0 end)) + ''/'' + convert(varchar, (datediff(m, dateadd(yy, (datediff(yy, dob, appt_date) - case when (month(dob) > month(appt_date)) or (month(dob) = month(appt_date) , day(dob) > day(appt_date)) 1 else 0 end), d...
Read more