htmlPurifier not working with Froala editor WYSIWYG

隐身守侯 submitted on 2019-12-12 06:37:09

Question


When I input:

<script>alert("XSS")</script>Cleaning Test

My output should be

Cleaning Test

but I get the same as the input: <script>alert("XSS")</script>Cleaning Test

Can someone help me solve this problem? I tried a lot but it doesn't work. I need to check that my HTMLPurifier is working.

This is my code:

<?php

require_once 'htmlpurifier/library/HTMLPurifier.auto.php';


ini_set("display_errors", 1);
error_reporting(E_ALL);

define('DB_SERVER', "localhost");
define('DB_USER', "sanoj");
define('DB_PASSWORD', "123456");
define('DB_DATABASE', "test");
define('DB_DRIVER', "mysql");


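// Read the POSTed fields (no filter argument, so PHP's default filter applies)
$country = filter_input(INPUT_POST, 'title');
$dirty_html = filter_input(INPUT_POST, 'wysiwyg');

// Purify the editor HTML with HTMLPurifier's default configuration
$purifier = new HTMLPurifier();
$clean_html = $purifier->purify($dirty_html);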

try {
    $db = new PDO(DB_DRIVER . ":dbname=" . DB_DATABASE . ";host=" . DB_SERVER, DB_USER, DB_PASSWORD);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $stmt = $db->prepare("INSERT INTO final(title, wysiwyg) VALUES (:title, :wysiwyg)");

    $stmt->bindParam(':title', $country, PDO::PARAM_STR, 100);
    $stmt->bindParam(':wysiwyg', $clean_html, PDO::PARAM_STR, 100);

    if ($stmt->execute()) {
        echo '1 row has been inserted';
    }

    $db = null;
} catch (PDOException $e) {
    trigger_error('Error occurred while trying to insert into the DB:' . $e->getMessage(), E_USER_ERROR);
}
?>

Source: https://stackoverflow.com/questions/30410850/htmlpurifier-not-working-with-froala-editor-wysiwyg
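
A way to check whether HTML Purifier itself is working, as an added example that is not part of the original post: it purifies the question's input both as real markup and as entity-encoded text and prints the literal strings, so the two cases cannot be confused by browser rendering. The helper name `purifier_report` and the entity-encoded sample are constructed for illustration; that the editor submits encoded markup is an assumption, not something the post confirms.

```php
<?php
// Added diagnostic example; not code from the original post.
// Assumption: HTML Purifier is installed at the path used in the question.
require_once 'htmlpurifier/library/HTMLPurifier.auto.php';

// Plain-text output so a browser shows the literal bytes instead of rendering them.
if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain; charset=utf-8');
}

/** Hypothetical helper: purify $input and report what happened to it. */
function purifier_report(HTMLPurifier $purifier, string $input): array
{
    $clean = $purifier->purify($input);
    return [
        'input'             => $input,
        'clean'             => $clean,
        'entities_in_input' => stripos($input, '&lt;script') !== false,
        'tag_in_output'     => stripos($clean, '<script') !== false,
    ];
}

$config = HTMLPurifier_Config::createDefault();
$config->set('Cache.DefinitionImpl', null); // no writable cache directory needed
$purifier = new HTMLPurifier($config);

// Constructed samples: the same payload as real markup and as entity-encoded text.
$samples = [
    'raw markup'     => '<script>alert("XSS")</script>Cleaning Test',
    'entity-encoded' => '&lt;script&gt;alert("XSS")&lt;/script&gt;Cleaning Test',
];

// When called from the form, also report on what the editor actually submitted.
$posted = filter_input(INPUT_POST, 'wysiwyg');
if (is_string($posted)) {
    $samples['posted value'] = $posted;
}

foreach ($samples as $label => $input) {
    $r = purifier_report($purifier, $input);
    printf("[%s]\n", $label);
    printf("  in:  %s\n", var_export($r['input'], true));
    printf("  out: %s\n", var_export($r['clean'], true));
    printf("  entity-encoded script text in input: %s\n", $r['entities_in_input'] ? 'yes' : 'no');
    printf("  real <script> tag in output: %s\n\n", $r['tag_in_output'] ? 'yes' : 'no');
}
```

If the "posted value" entry reports entity-encoded script text in the input, the purifier received plain text rather than a tag, and the fix belongs at the point where the value is encoded, not in the purifier call.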
