This page collects typical usage examples of the PHP function is_purify_html_necessary. If you are wondering how is_purify_html_necessary is used in PHP, or are looking for an example of it in use, the selected code example here may help.
One code example of is_purify_html_necessary is shown below; examples are sorted by popularity by default.
Example 1: clean_text
/**
 * Cleans raw text removing nasties.
 *
 * Given raw text (eg typed in by a user) this function cleans it up and removes any nasty tags that could mess up
 * Moodle pages through XSS attacks.
 *
 * The result must be used as a HTML text fragment, this function cannot clean up random
 * parts of html tags such as url or src attributes.
 *
 * NOTE: the format parameter was deprecated because we can safely clean only HTML.
 *
 * @param string $text The text to be cleaned
 * @param int|string $format deprecated parameter, should always contain FORMAT_HTML or FORMAT_MOODLE
 * @param array $options Array of options; currently only option supported is 'allowid' (if true,
 *                       does not remove id attributes when cleaning)
 * @return string The cleaned up text
 */
function clean_text($text, $format = FORMAT_HTML, $options = array())
{
    $text = (string) $text;

    // The second comparison uses FORMAT_MOODLE, the other format the @param note above allows.
    if ($format != FORMAT_HTML and $format != FORMAT_MOODLE) {
        // TODO: we need to standardise cleanup of text when loading it into editor first.
        // debugging('clean_text() is designed to work only with html');.
    }

    // Plain text is returned untouched; the caller must escape it on output.
    if ($format == FORMAT_PLAIN) {
        return $text;
    }

    // Run the purifier only when the text may contain markup that needs cleaning.
    if (is_purify_html_necessary($text)) {
        $text = purify_html($text, $options);
    }

    // Originally we tried to neutralise some script events here, it was a wrong approach because
    // it was trivial to work around that (for example using style based XSS exploits).
    // We must not give false sense of security here - all developers MUST understand how to use
    // rawurlencode(), htmlentities(), htmlspecialchars(), p(), s(), moodle_url, html_writer and friends!!!
    return $text;
}
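
The docblock's caveat, that the result is only safe as an HTML text fragment and not inside attributes, shown as an added example that is not Moodle code. `fragment_clean()`, `attr()`, `profile_link()`, the path `/example/profile.php` and the sample input are hypothetical and constructed for illustration; `fragment_clean()` is a stand-in that only removes tags.

```php
<?php
// Added example, not Moodle code. fragment_clean() is a hypothetical stand-in
// for a fragment-level cleaner: it removes tags and nothing else.
function fragment_clean(string $text): string
{
    return strip_tags($text);
}

// Encode a value for use inside a quoted HTML attribute: quotes are escaped too.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// One value, three contexts: rawurlencode() for the URL query component,
// attr() for the attribute values, htmlspecialchars() for the text node.
function profile_link(string $baseurl, string $name): string
{
    $href = $baseurl . '?name=' . rawurlencode($name);
    return '<a href="' . attr($href) . '" title="' . attr($name) . '">'
        . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</a>';
}

// Constructed sample input: it contains no tags, so tag-level cleaning
// returns it unchanged.
$input = 'x" onmouseover="alert(1)';
$cleaned = fragment_clean($input);
var_dump($cleaned === $input);

// Wrong context: the "cleaned" string still closes the title attribute
// and adds an attribute of its own.
$unsafe = '<span title="' . $cleaned . '">hi</span>';

// Correct: encode for the attribute context at output time.
$safe = '<span title="' . attr($input) . '">hi</span>';

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;
echo profile_link('/example/profile.php', $input), PHP_EOL;
```

Comparing the `$unsafe` and `$safe` lines in the output shows why encoding has to be chosen per output context rather than applied once when the text is cleaned.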