- 在控制器中使用:
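/**
 * Creates a News record from the submitted form, purifying the HTML body
 * before it is saved.
 *
 * The purifier is limited to <div> elements and http/https URIs.
 * On a successful save the browser is redirected to the 'view' action.
 */
public function actionCreate()
{
    $model = new News();

    $purifier = new CHtmlPurifier();
    $purifier->options = array(
        'URI.AllowedSchemes' => array(
            'http' => true,
            'https' => true,
        ),
        'HTML.Allowed' => 'div',
    );

    if (isset($_POST['News'])) {
        $model->attributes = $_POST['News'];

        // Assign through the attribute itself. `$model->attributes` is served
        // by a magic getter that returns a copy, so writing to
        // `$model->attributes['content']` never reaches the model and the
        // unpurified markup would be saved.
        $model->content = $purifier->purify($model->content);

        if ($model->save()) {
            $this->redirect(array('view', 'id' => $model->id));
        }
    }
}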
- 在模型中的使用:
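/**
 * Purifies the content attribute before every save and stamps the creation
 * time on new records.
 *
 * @return bool false when the parent hook vetoes the save, true otherwise
 */
protected function beforeSave()
{
    if (!parent::beforeSave()) {
        return false;
    }

    $purifier = new CHtmlPurifier();
    $purifier->options = array(
        'URI.AllowedSchemes' => array(
            'http' => true,
            'https' => true,
        ),
        'HTML.Allowed' => 'div',
    );

    if ($this->isNewRecord) {
        // 'i' is minutes; the previous 'H:m:s' wrote the month number into
        // the minutes field. 'Y' gives an unambiguous four-digit year.
        $this->create_data = date('Y-m-d H:i:s');
    }

    // Purify on updates as well as inserts; restricting this to new records
    // lets edited content reach the database unfiltered.
    $this->content = $purifier->purify($this->content);

    return true;
}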
- 在过滤器中的使用:
/**
 * Declares the filters applied to this controller's actions.
 *
 * NOTE(review): 'purifier' is attached to the create action only; if the
 * controller also has an update action that accepts the same content, it is
 * not covered by this filter. Confirm against the controller.
 *
 * @return array filter specifications
 */
public function filters()
{
    $specs = array();
    $specs[] = 'accessControl';     // perform access control for CRUD operations
    $specs[] = 'postOnly + delete'; // we only allow deletion via POST request
    $specs[] = 'purifier + create'; // purify submitted content before the create action runs

    return $specs;
}
-
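/**
 * Filter that purifies the submitted news content in $_POST before the
 * action runs, then continues the filter chain.
 *
 * @param CFilterChain $filterChain the chain to continue once the input is cleaned
 */
public function filterPurifier($filterChain)
{
    $purifier = new CHtmlPurifier();
    $purifier->options = array(
        'URI.AllowedSchemes' => array(
            'http' => true,
            'https' => true,
        ),
        'HTML.Allowed' => 'div',
    );

    // The key must match the form name that actionCreate reads
    // ($_POST['News']). With the lowercase 'news' the check never matched
    // and the content passed through unpurified.
    if (isset($_POST['News']['content'])) {
        // Call the method on the purifier instance; `$purify(...)` referred
        // to an undefined variable.
        $_POST['News']['content'] = $purifier->purify($_POST['News']['content']);
    }

    $filterChain->run();
}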
- 在视图中的使用:
<?php
// Output produced between beginWidget() and endWidget() is captured and run
// through HTML Purifier before it is echoed. No options are passed here, so
// the purifier's default configuration applies rather than the http/https +
// <div> allowlist configured in the controller, model and filter usages.
$this->beginWidget('CHtmlPurifier');
?>
...display user-entered content here...
<?php
$this->endWidget();
?>