内容的栏目 * @param int $category 0列表 1频道 2单页 3外链 * @return array */ function category_list($forumlist, $model = 0, $display = 0, $category = 0) { if (empty($forumlist)) return NULL; static $cache = array(); $key = $model . '-' . $display . '-' . $category; if (isset($cache[$key])) return $cache[$key]; if ($display) { foreach ($forumlist as $k => $val) { if (1 == $val['display'] && 1 == $val['type'] && $val['category'] == $category) { $cache[$key][$k] = $val; } } } else { foreach ($forumlist as $k => $val) { if (1 == $val['type'] && $val['category'] == $category) { $cache[$key][$k] = $val; } } } return empty($cache[$key]) ? NULL : $cache[$key]; } /** * @param $forumlist 所有版块列表 不分模型 * @param int $display 0全部CMS栏目 1在首页和频道显示内容的栏目 * @param int $category 0列表 1频道 2单页 3外链 * @return array */ function category_list_show($forumlist, $display = 0, $category = 0) { if (empty($forumlist)) return NULL; static $cache = array(); $key = $display . '-' . $category; if (isset($cache[$key])) return $cache[$key]; if ($display) { foreach ($forumlist as $k => $val) { if (1 == $val['display'] && 1 == $val['type'] && $val['category'] == $category) { $cache[$key][$k] = $val; } } } else { foreach ($forumlist as $k => $val) { if (1 == $val['type'] && $val['category'] == $category) { $cache[$key][$k] = $val; } } } return empty($cache[$key]) ? NULL : $cache[$key]; } /** * @param $forumlist 所有版块列表 * @return mixed BBS栏目数据(仅列表) 尚未开放bbs频道功能 */ function forum_list($forumlist) { if (empty($forumlist)) return array(); static $cache = array(); if (isset($cache['bbs_forum_list'])) return $cache['bbs_forum_list']; $cache['bbs_forum_list'] = array(); foreach ($forumlist as $_fid => $_forum) { if ($_forum['type']) continue; $cache['bbs_forum_list'][$_fid] = $_forum; } return $cache['bbs_forum_list']; } // 导航显示的版块 function nav_list($forumlist) { if (empty($forumlist)) return NULL; static $cache = array(); if (isset($cache['nav_list'])) return $cache['nav_list']; foreach ($forumlist as $fid => $forum) { if (0 == $forum['nav_display']) { unset($forumlist[$fid]); } } return $cache['nav_list'] = $forumlist; } ?>wp kses - wp_kses_post only removes <script> tags, but not their content

科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>wp kses - wp_kses_post only removes <script> tags, but not their content

    wp kses - wp_kses_post only removes <script> tags, but not their content

    programmeradmin0浏览0评论

    Is there any way to remove the <script> tags including their contents?

    wp_kses_post seems to only remove the tags, while their content remains visible on the page.

    Thank you

    Is there any way to remove the <script> tags including their contents?

    wp_kses_post seems to only remove the tags, while their content remains visible on the page.

    Thank you

    • wp-kses
    Share Improve this question edited Sep 12, 2014 at 19:22 Alex Dumitru asked Sep 12, 2014 at 19:04 Alex DumitruAlex Dumitru 7531 gold badge6 silver badges13 bronze badges
    Add a comment  | 

    5 Answers 5

    Reset to default 2

    KSES is designed to prevent execution of undesired and potentially dangerous tags, not preventing display of the innerHTML. Blocking the content would require

    --1 Either a custom function that used some kind of string manipulation or xmlDOM manipulation to remove content; or

    --2 A function that blocked posts that contain the tag with a message why the post failed and instructions for using HTML codes to render script tag when using it in tutorials rather than as an execution tag.

    Number 1 may produce performance issues with its higher overhead. If optimizing performance is an issue or if the site involves heavy posting by multiple users, then #2 is likely a more feasible solution.

    I suggest You to use preg_replace() to filter the post content:

    add_filter('the_content', 'my_strip_scripts');

function my_strip_scripts($content){

    return preg_replace('#<script(.*?)>(.*?)</script>#is', '', $content);

}

    This is what I use on my site to strip images and paragraph tags. I'm assuming this is the_content?

    <?php
ob_start();
the_content();
$old_content = ob_get_clean();
$new_content = strip_tags($old_content, '<insert HTML tags you want kept');
echo $new_content; ?>

    The $new_content line will remove all HTML tags except those tags listed after $old_content

    Give wp_strip_all_tags() a shot. I believe it removes the content of script tags also.

    Yes, use this function: (from https://www.php/manual/en/function.strip-tags.php#86964)

    function strip_tags_content($text, $tags = '', $invert = FALSE) {

  preg_match_all('/<(.+?)[\s]*\/?[\s]*>/si', trim($tags), $tags);
  $tags = array_unique($tags[1]);
   
  if(is_array($tags) AND count($tags) > 0) {
    if($invert == FALSE) {
      return preg_replace('@<(?!(?:'. implode('|', $tags) .')\b)(\w+)\b.*?>.*?</\1>@si', '', $text);
    }
    else {
      return preg_replace('@<('. implode('|', $tags) .')\b.*?>.*?</\1>@si', '', $text);
    }
  }
  elseif($invert == FALSE) {
    return preg_replace('@<(\w+)\b.*?>.*?</\1>@si', '', $text);
  }
  return $text;
}

    & after that, if you also want to remove all attributes except few(example: href, title), use wp_kses like this:

        $content = wp_kses($content, array(
        'a' => array('href' => true, 'title' => true),
        'div' => array(),
        'p' => array(),
    ));

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论