这篇文章主要介绍了Yii净化器CHtmlPurifier用法,可实现过滤不良代码的功能,涉及在控制器、模型、过滤器及视图中的相关使用技巧,需要的朋友可以参考下

1. 在控制器中使用：

public function actionCreate()

{

$model=new News;

$purifier = new CHtmlPurifier();

$purifier->options = array(

'URI.AllowedSchemes'=>array(

'http' => true,

'https' => true,

),

'HTML.Allowed'=>'div',

);

if(isset($_POST['News']))

{

$model->attributes=$_POST['News'];

$model->attributes['content'] = $purifier->purify($model->attributes['content']);

if($model->save())

$this->redirect(array('view','id'=>$model->id));

}

}

2. 在模型中的使用：

protected function beforeSave()

{

$purifier = new CHtmlPurifier();

$purifier->options = array(

'URI.AllowedSchemes'=>array(

'http' => true,

'https' => true,

),

'HTML.Allowed'=>'div',

);

if(parent::beforeSave()){

if($this->isNewRecord){

$this->create_data = date('y-m-d H:m:s');

$this->content = $purifier->purify($this->content);

}

return true;

}else{

return false;

}

}

3. 在过滤器中的使用：

public function filters()

{

return array(

'accessControl', // perform access control for CRUD operations

'postOnly + delete', // we only allow deletion via POST request

'purifier + create', //载入插入页面时进行些过滤操作

);

}

public function filterPurifier($filterChain){

$purifier = new CHtmlPurifier();

$purifier->options = array(

'URI.AllowedSchemes'=>array(

'http' => true,

'https' => true,

),

'HTML.Allowed'=>'div',

);

if(isset($_POST['news']){

$_POST['news']['content'] = $purify($_POST['news']['content']);

}

$filterChain->run();

}

4. 在视图中的使用：

beginWidget('CHtmlPurifier'); ?>

...display user-entered content here...

endWidget(); ?>

希望本文所述对大家基于Yii框架的PHP程序设计有所帮助。