我有一个 PHP 的 webmail 脚本,我今天收到了来自 gmail 的邮件,内容如下:
$content='
<p>This is just example for MessageContent</
p>Test...<span>Test</span>Test..<span
>Test</span>';
我怎样才能用 nl2br print它呢?
如果我用 echo nl2br($content);,结果是这样的:
<br />
<p>This is just example for MessageContent</<br />
p>Test...<span>Test</span>Test..<span<br />
>Test</span>
所以我该如何修正这个问题?
Personally I think accepting html in a message is bad, and you should strip out any html, why?
Because if you accept html tobe rendered. eg: not using htmlentities($content) from an unknown source then a malicious person could add javascript and XSS attack you, or a dodgy link and CSRF you or even just a 1px image and get your IP.
But if you accept the risk you can just render the message as-is.
<?php
$content='
<p>This is just example for MessageContent</
p>Test...<span>Test</span>Test..<span
>Test</span>';
//Or at least sanitise abit - Remove all tags except p's an a's
$content = strip_tags($content,'<p><a>');
?>
nl2br is for content you expect to have no html in it.
You could either change $content to
$content='
<p>This is just example for MessageContent</p>
Test...<span>Test</span>Test..
<span>Test</span>';
Or you could just use
echo $content;