I have a text in this form:
aaaa bbbbb cccccc a:link {text-decoration: none;font-family: Verdana, Arial, Helvetica, sans-serif;color: #ffffff; } a:hover {text-decoration: underline; } .intro{font-size: 11px;font-weight: bold;line-height: 18px;color : #ffffff;padding-left: 25px;font-family: Verdana, Arial, Helvetica, sans-serif; } ddddd eeeeee
I would like to remove all the css with the classes. The output should be:
aaaa bbbbb cccccc ddddd eeeeee
Can aynone show me an preg_match example? I fond an example to remove everything between the brakets {} but I need, that everything with css is removed.
Thanks
Nik
The trouble you will have with removing the non-CSS parts from that string is that it's very hard to determine which parts are CSS and which aren't.
You say you want to be left with aaaa bbbbb cccccc ddddd eeeeee, but in fact from your original string, aaaa bbbbb cccccc would be valid parts of the CSS selector. They would select elements named <aaaa> or <bbbbb> or <cccccc>.
Granted, these are not valid HTML elements, but CSS can be used to apply styles to arbitrary XML as well as HTML, so they could very easily be valid elements. If you're using xhtml, they could appear in your page quite legitimately under a custom name-space.
But it gets worse. I assume that the text wouldn't actually be aaaa bbbbb cccccc, but would be an arbitrary string of words. In that case, consider that it may be a sentence like 'I am strong'. In this case, strong would be part of the string you want to remove, but <strong> is also a valid HTML element (as is <I> for that matter), so even if you are just sticking with it would be impossible to tell in the above string whether it was intended to be a CSS selector or part of the text string to keep. You simply couldn't write a regex that would be completely reliable in all cases.
As you say, you can remove everything inside the {} braces fairly easily, but the selectors outside the braces would be very hard to separate reliably from surrounding text.
Related
I have this text in mysql adding even directly but do not want to lose the labels only the styles and formats that tenien
<p style="margin-bottom: 20px; padding: 0px; border: 0px;"><span style="line-height: 1.428571429;">Allí, el club crema</span><p>
use strip_tags but removes the entire label
strip_tags ($ data, "<p>");
I want it that way:
<p>Allí, el club crema<p>
I hope your help, thank you very much beforehand for your answers
Warning, anti-pattern: using REGEX on mark-up is generally a bad idea. However it's sometimes more convenient, so to hell with it:
$data = preg_replace('/(<\w+) [^>]+/', '$1', $data);
There is no php function for that. The strip tags function will strip the tag completely, and allowing a tag will keep the tag in place, including the attributes. You'll need to load the html in a xml parser and reconstruct the output, or, and I would advise you to go that way, use regex to strip out any html attributes (after you've stripped away the tags you don't need anyway. See also this question
I'm trying to understand XSS attacks. I learnt that I should use htmlspecialchars() whenever outputting something to the browser that came from the user input. The code below works fine.
What I don't understand is whether there is a need to use htmlspecialchars() here for echoing the $enrollmentno or not?
<?php
$enrollmentno = (int)$_POST['enrollmentno'];
echo "<div style='border-radius:45px; border-width: 2px; border-style: dashed; border-color: black;'><center><h4><b>$enrollmentno</b></h4></center></div>";
$clink = "http://xyz/$enrollmentno/2013";
echo"<iframe src='$clink' width='1500' height='900' frameBorder='0'></iframe>";
?>
If I do something like
$safe = "<div style='border-radius:45px; border-width: 2px; border-style: dashed; border-color: black;'><center><h4><b>$enrollmentno</b></h4></center></div>";
echo htmlspecialchars($safe, ENT_QUOTES);
It doesn't show the correct HTML format.
I'm not sure if I have to use HTMLPurifer here.
Does HTMLPurifer retain the HTML formating while prevent XSS?
Update
echo "<div style='border-radius:45px; border-width: 2px; border-style: dashed; border-color: black;'><center><h4><b>".htmlspecialchars ($enrollmentno)."</b></h4></center></div>";
Does the trick!
Any time you use arbitrary data in the context of HTML, you should be using htmlspecialchars(). The reason for this is that it prevents your text content from being treated as HTML, which could potentially be malicious if coming from outside users. It also ensures you are generating valid HTML that browsers can handle consistently.
Suppose I want the text "8 > 3" to appear on in HTML. To do this, my HTML code would be 8 > 3. The > is encoded as > so that it isn't misinterpreted as part of a tag.
Now, suppose I am making a web page about how to write HTML. I want the user to see the following:
<p>This is how to make a paragraph</p>
If I don't want <p> and </p> to be interpreted as an actual paragraph, but as text, you need to encode:
<p>This is how to make a paragraph</p>
htmlspecialchars() does that. It allows you to insert arbitrary text into an HTML context in a safe way.
Now, in your second example:
$safe = "<div style='border-radius:45px; border-width: 2px; border-style: dashed; border-color: black;'><center><h4><b>$enrollmentno</b></h4></center></div>";
echo htmlspecialchars($safe, ENT_QUOTES);
This does exactly what you asked it to do. You gave it some text, and it encoded that. If you wanted it as HTML, you should have just echoed it.
Now, if you need to display HTML as HTML and it comes from an untrusted source (i.e. not you), then you need tools like HTMLPurifier. You do not need this if you trust the source. Running all your output through htmlspecialchars() doesn't magically make things safe. You only need it when inserting arbitrary text data. Here's a good use case:
echo '<h1>Product Review from ', htmlspecialchars($username), '</h1>';
echo htmlspecialchars($reviewText);
In this case, both the username and review text can contain whatever that user typed in, and they will be encoded correctly for use in HTML.
I have a page which is a cms/wysiwyg/ms word nightmare.
It pulls many paragraphs of text from a database, some of which have retained ms word's bizarre html tags - including font declarations!!! ahh!
In one sentence I can have things like:
<span style="font-family:Verdana">this is some</span>
<span style="font-family:arial">ugly text!</span>
I was wondering if there is a way of removing all font-family and font-size styles so they will adapt the master stylesheet css?
I'd prefer to not get into massive preg_replace conditions if I can avoid it.
Thanks
CSS:
span {
font-family: initial !important;
font-size: initial !important;
}
Well, if you're getting inline styles in many places, I would add this to the body CSS
body {
font-family: Arial, Helvetica, sans-serif !important;
font-size: 16px !important;
}
If you notice that all of the inline font styling are going on spans, you could target spans instead of the body.
I chose these two fonts because they are the "default" fonts for Windows and Mac/iOS.
Of course you can choose your own font size. The only unfortunate part about this is if you want a different font and font size in other places you'll have to use more !importants.
You can use the !important rule for this. But you will have to explicitly define each element you want it to go on (or use the universal selector *)
http://jsfiddle.net/b8RKm/
* { font-family: Tahoma, sans-serif !important; }
I'm trying to add CSS styling to all hyperlinks unless it has a "donttouch" attribute.
E.g.
Style this: style me
Don't style this: <a href="http://whatever.com" donttouch>don't style me</a>
Here's my preg_replace without the "donttouch" exclusion, which works fine.
preg_replace('/<a(.*?)href="([^"]*)"(.*?)>(.*?)<\/a>/','<a$1href="$2"$3><span style="color:%link_color%; text-decoration:underline;">$4</span></a>', $this->html)
I've looked all over the place, and would appreciate any help.
Find (works also in Notepad++)
(?s)(<a (?:(?!donttouch)[^>])+>)(.*?)</a>
Replace with (Replace all in Notepad++):
\1<span style="whatever">\2</span></a>
This can be accomplished without a regular expression. Instead, use a CSS attribute selector.
For example, use these rules:
a { font-weight: bold; color: green }
a[donttouch=''] { font-weight: normal; color: blue }
Technically, you are styling the elements with the 'donttouch' attribute, but you can use default values. This will be more efficient than attempting to use a regular expression to parse your HTML, which is usually a bad idea.
I'm wanting to scan through a css file and capture both comments and the css. I've came up with a regex that's almost there, however it's not quite perfect as it misses out properties with multiple declarations i.e.
ul.menu li a, # Won't capture this line
ul.nice-menu li a { text-decoration: none; cursor:pointer; }
Here's the regex that I'm working with:
(\/\*[^.]+\*\/\n+)?([\t]*[a-zA-Z0-9\.# -_:#]+[\t\s]*\{[^}]+\})
I've been testing this at rubular.com and here is what it currently matches, and what the array output is like.
Result 1
[0] /* Index */
/*
GENERAL
PAGE REGIONS
- Header bar region
- Navigation bar region
- Footer region
SECTION SPECIFIC
- Homepage
- News */
[1] html { background: #ddd; }
Result 2
[0]
[1] body { background: #FFF; font-family: "Arial", "Verdana", sans-serif; color: #545454;}
I must point out that I'm still a new when it comes to regular expressions, so if anyone can help and show where I'm going wrong, it'd be much appreciated :)
BTW:
I'm using PHP and preg_match_all
CSS cannot be fully parsed with a regex (see CSS Grammar: http://www.w3.org/TR/CSS2/grammar.html). The {...} can be split over lines, for example, and your current version wouldn't handle this. If you need to do this, you should read the CSS spec and use a tool like ANTLR to generate a parser.
Here is an example from the W3C spec (http://www.w3.org/TR/CSS2/syndata.html):
#import "subs.css";
#import "print-main.css" print;
#media print {
body { font-size: 10pt }
}
h1 {color: blue }
No normal regex is powerful enough to deal with nested {...} etc. let alone the contents of the imported stylesheets.
What language are you using?
You should probably just use a library to parse the CSS. Libraries can save you a lot of grief.