怎么过滤html标签

html-css043

怎么过滤html标签,第1张

过滤html标签代码如下:

public string checkStr(string html)

{

System.Text.RegularExpressions.Regex regex1 = new System.Text.RegularExpressions.Regex(@"<script[\s\S]+</script *>", System.Text.RegularExpressions.RegexOptions.IgnoreCase)

System.Text.RegularExpressions.Regex regex2 = new System.Text.RegularExpressions.Regex(@" href *= *[\s\S]*script *:", System.Text.RegularExpressions.RegexOptions.IgnoreCase)

System.Text.RegularExpressions.Regex regex3 = new System.Text.RegularExpressions.Regex(@" on[\s\S]*=", System.Text.RegularExpressions.RegexOptions.IgnoreCase)

System.Text.RegularExpressions.Regex regex4 = new System.Text.RegularExpressions.Regex(@"<iframe[\s\S]+</iframe *>", System.Text.RegularExpressions.RegexOptions.IgnoreCase)

System.Text.RegularExpressions.Regex regex5 = new System.Text.RegularExpressions.Regex(@"<frameset[\s\S]+</frameset *>", System.Text.RegularExpressions.RegexOptions.IgnoreCase)

System.Text.RegularExpressions.Regex regex6 = new System.Text.RegularExpressions.Regex(@"\<img[^\>]+\>", System.Text.RegularExpressions.RegexOptions.IgnoreCase)

System.Text.RegularExpressions.Regex regex7 = new System.Text.RegularExpressions.Regex(@"</p>", System.Text.RegularExpressions.RegexOptions.IgnoreCase)

System.Text.RegularExpressions.Regex regex8 = new System.Text.RegularExpressions.Regex(@"<p>", System.Text.RegularExpressions.RegexOptions.IgnoreCase)

System.Text.RegularExpressions.Regex regex9 = new System.Text.RegularExpressions.Regex(@"<[^>]*>", System.Text.RegularExpressions.RegexOptions.IgnoreCase)

html = regex1.Replace(html, "")//过滤<script></script>标记

html = regex2.Replace(html, "")//过滤href=javascript: (<A>) 属性

html = regex3.Replace(html, " _disibledevent=")//过滤其它控件的on...事件

html = regex4.Replace(html, "")//过滤iframe

html = regex5.Replace(html, "")//过滤frameset

html = regex6.Replace(html, "")//过滤frameset

html = regex7.Replace(html, "")//过滤frameset

html = regex8.Replace(html, "")//过滤frameset

html = regex9.Replace(html, "")

html = html.Replace(" ", "")

html = html.Replace("</strong>", "")

html = html.Replace("<strong>", "")

return html

}

1、过滤所有html标签的属性的正则表达式:

$search = array ("'<script[^>]*?>.*?</script>'si", // 去掉 JavaScript

"'<[\/\!]*?[^<>]*?>'si", // 去掉 HTML 标记

"'([\r\n])[\s]+'",// 去掉空白字符

"'&(quot|#34)'i",// 替换 HTML 实体

"'&(amp|#38)'i",

"'&(lt|#60)'i",

"'&(gt|#62)'i",

"'&(nbsp|#160)'i"

) // 作为 PHP 代码运行

$replace = array ("","","\\1","\"","&","<",">"," ")

$html = preg_replace($search, $replace, $html)

$str=preg_replace("/\s+/", " ", $str)//过滤多余回车

$str=preg_replace("/<[ ]+/si","<",$str)//过滤<__("<"号后面带空格)

$str=preg_replace("/<\!--.*?-->/si","",$str)//注释

$str=preg_replace("/<(\!.*?)>/si","",$str)//过滤DOCTYPE

$str=preg_replace("/<(\/?html.*?)>/si","",$str)//过滤html标签

$str=preg_replace("/<(\/?head.*?)>/si","",$str)//过滤head标签

$str=preg_replace("/<(\/?meta.*?)>/si","",$str)//过滤meta标签

$str=preg_replace("/<(\/?body.*?)>/si","",$str)//过滤body标签

$str=preg_replace("/<(\/?link.*?)>/si","",$str)//过滤link标签

$str=preg_replace("/<(\/?form.*?)>/si","",$str)//过滤form标签

$str=preg_replace("/cookie/si","COOKIE",$str)//过滤COOKIE标签

$str=preg_replace("/<(applet.*?)>(.*?)<(\/applet.*?)>/si","",$str)//过滤applet标签

$str=preg_replace("/<(\/?applet.*?)>/si","",$str)//过滤applet标签

$str=preg_replace("/<(style.*?)>(.*?)<(\/style.*?)>/si","",$str)//过滤style标签

$str=preg_replace("/<(\/?style.*?)>/si","",$str)//过滤style标签

$str=preg_replace("/<(title.*?)>(.*?)<(\/title.*?)>/si","",$str)//过滤title标签

$str=preg_replace("/<(\/?title.*?)>/si","",$str)//过滤title标签

$str=preg_replace("/<(object.*?)>(.*?)<(\/object.*?)>/si","",$str)//过滤object标签

$str=preg_replace("/<(\/?objec.*?)>/si","",$str)//过滤object标签

$str=preg_replace("/<(noframes.*?)>(.*?)<(\/noframes.*?)>/si","",$str)//过滤noframes标签

$str=preg_replace("/<(\/?noframes.*?)>/si","",$str)//过滤noframes标签

$str=preg_replace("/<(i?frame.*?)>(.*?)<(\/i?frame.*?)>/si","",$str)//过滤frame标签

$str=preg_replace("/<(\/?i?frame.*?)>/si","",$str)//过滤frame标签

$str=preg_replace("/<(script.*?)>(.*?)<(\/script.*?)>/si","",$str)//过滤script标签

$str=preg_replace("/<(\/?script.*?)>/si","",$str)//过滤script标签

$str=preg_replace("/javascript/si","Javascript",$str)//过滤script标签

$str=preg_replace("/vbscript/si","Vbscript",$str)//过滤script标签

$str=preg_replace("/on([a-z]+)\s*=/si","On\\1=",$str)//过滤script标签

$str=preg_replace("//si","&#",$str)//过滤script标签,如javAsCript:alert(

清除空格,换行

function DeleteHtml($str)

{

$str = trim($str)

$str = strip_tags($str,"")

$str = ereg_replace("\t","",$str)

$str = ereg_replace("\r\n","",$str)

$str = ereg_replace("\r","",$str)

$str = ereg_replace("\n","",$str)

$str = ereg_replace(" "," ",$str)

return trim($str)

}

过滤HTML属性

1,过滤所有html标签的正则表达式:

复制代码 代码如下:

</?[^>]+>

//过滤所有html标签的属性的正则表达式:

$html = preg_replace("/<([a-zA-Z]+)[^>]*>/","<\\1>",$html)

3,过滤部分html标签的正则表达式的排除式(比如排除<p>,即不过滤<p>):

复制代码 代码如下:

</?[^pP/>]+>

4,过滤部分html标签的正则表达式的枚举式(比如需要过滤<a><p><b>等):

复制代码 代码如下:

</?[aApPbB][^>]*>

5,过滤部分html标签的属性的正则表达式的排除式(比如排除alt属性,即不过滤alt属性):

复制代码 代码如下:

\s(?!alt)[a-zA-Z]+=[^\s]*

6,过滤部分html标签的属性的正则表达式的枚举式(比如alt属性):

复制代码 代码如下:

(\s)alt=[^\s]*