I am trying to format some bad html to output into a pop window. The html is stored in a field in a mysql database.
I have been performing json_encode and htmlspecialchars on the row in the php like so:
$html = htmlentities(json_encode($row2['ARTICLE_DESC']));
and calling my makewindows function, which simply takes the html as a parameter and uses it with document.write like so:
<p><a href='#' onclick=\"makewindows('".$html."'); return false;\">Click for full description </a></p>
This works ok, as in some html code is produced, such as the following:
http://www.nomorepasting.com/getpaste.php?pasteid=22823&seen=true&wrap=on&langoverride=html4strict
pasted there because I do not know how to wrap lines in SO
The problem is that htmlspecialchars does not seem to be stripping bad html data, as no popup window is created. The error I receive with firebug is
missing ) after argument list
However the html is outside of my control.
From what I have read, I am taking the correct steps. If I am missing something out, what is it?
My full make windows function:
function makewindows(html) {
    // Open a blank popup and write the supplied markup into it.
    var child1 = window.open("about:blank");
    child1.document.write(html);
    child1.document.close();
}
Solution
You shouldn't have the single quotes in the function call. It should look like this:
<p><a href='#' onclick=\"makewindows(" . $html . "); return false;\">Click for full description </a></p>
Then the output will look like
<p><a href='#' onclick="makewindows(&quot;.....&quot;); return false;">Click for full description </a></p>
which is correct.
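The difference between the question's markup and the answer's, as an added example that is not part of the original post. It models the encoding layers in JavaScript: JSON.stringify stands in for PHP's json_encode, the hypothetical helpers escapeAttr and decodeAttr stand in for htmlentities (default flags) and the browser's attribute decoding, and the sample strings are constructed.

```javascript
// Added example: why the extra single quotes break the inline handler.

// Stand-in for PHP htmlentities()/htmlspecialchars() with default flags:
// encodes & < > and double quotes, leaves apostrophes alone.
function escapeAttr(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
          .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// What the HTML parser does to an attribute value before the JS engine sees it.
function decodeAttr(s) {
  return s.replace(/&lt;/g, '<').replace(/&gt;/g, '>')
          .replace(/&quot;/g, '"').replace(/&#0?39;/g, "'")
          .replace(/&amp;/g, '&');
}

// Build the onclick value the way the question does (extra single quotes)
// or the way the answer does (the JSON literal is the whole argument).
function buildOnclick(articleHtml, wrapInSingleQuotes) {
  const encoded = escapeAttr(JSON.stringify(articleHtml));
  const arg = wrapInSingleQuotes ? "'" + encoded + "'" : encoded;
  return 'makewindows(' + arg + '); return false;';
}

// Decode the attribute, compile it as a handler body, run it with a stub
// makewindows, and report what the handler received.
function runHandler(onclickAttr) {
  const js = decodeAttr(onclickAttr);
  let received;
  try {
    const handler = new Function('makewindows', js);
    handler(function (html) { received = html; });
    return { ok: true, js, received };
  } catch (e) {
    return { ok: false, js, error: e.name + ': ' + e.message };
  }
}

const sample = '<p class="d">It\'s a "rare" item & more</p>'; // constructed
const asked = runHandler(buildOnclick(sample, true));     // question's form
const answered = runHandler(buildOnclick(sample, false)); // answer's form
console.log(asked);    // fails to compile: the apostrophe ends the '...' string
console.log(answered); // handler receives the original markup unchanged
```

Removing the quotes only gets the string into makewindows intact; document.write still renders it as markup in the popup.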