When I save span with style to MySQL, style is deleted

问题

I am using TinyMCE for my PHP/CodeIgniter CMS back-end input. However when I use a text color, some of codes are not saved and does not show the correct color.

How can I solve this problem?

Thanks in advance.

<span style="color: #ff00ff;">Some text</span>

becomes

<span  #ff00ff;">Some text</span>

in database

---

Some codes are here.

In my controller.

function _fields()
{
    $data = array(
       ....
        'content'          => $_POST['content'],
        ....
    );
    return $data;
}


function create()
{
    // We need TinyMCE, so load it
    $this->bep_assets->load_asset_group('TINYMCE');
    ...
    if ($this->input->post('name'))
    {
        $data = $this->_fields();
        $this->MKaimonokago->addItem($this->module,$data);
...

And in my model.

function addItem($module,$data,$return_id=FALSE)
{
    $module_table = 'omc_'.$module;
    ...
    $this->db->insert($module_table, $data);
    ...
}

回答1:

With CodeIgniter, if you have the XSS filter enabled globally (set in your config.php) you will find that HTML inline style text is removed from all form inputs.

To get around this you can disable global XSS filtering and filter your TinyMCE form inputs manually with something like HTML Purifier, which gives you a lot more control over the elements and attributes which you would like to allow.

For the rest of your form inputs you can still run them through CodeIgniter's XSS filter - you'll just have to do it manually, like so:

$this->form_validation->set_rules('form_item_name', 'Field Name', 'required|xss_clean|strip_tags|trim');

回答2:

May be You could do this (if it's the problem because tinyMce removes some elements/attributes)

tinyMCE.init({
    mode : "exact",
    elements : "page_content",
    theme : "advanced",
    // You can use
    extended_valid_elements: "span[class|align|style]"
    // Or you can use
    verify_html : false
});

// Following lines (inside tiny_mce_src.js) allow all elements and attributes if verify_html is set to false

if (settings.verify_html === false)
    settings.valid_elements = '*[*]';

Reference : tinyMce

Another reference on SO.

来源：https://stackoverflow.com/questions/9758660/when-i-save-span-with-style-to-mysql-style-is-deleted