Yii净化器CHtmlPurifier用法示例(过滤不良代码)

public function actionCreate(){  $model=new News;  $purifier = new CHtmlPurifier();  $purifier->options = array(    'URI.AllowedSchemes'=>array(              'http' => true,              'https' => true,    ),       'HTML.Allowed'=>'div',  );  if(isset($_POST['News']))  {    $model->attributes=$_POST['News'];    $model->attributes['content'] = $purifier->purify($model->attributes['content']);    if($model->save())      $this->redirect(array('view','id'=>$model->id));  }}

protected function beforeSave(){  $purifier = new CHtmlPurifier();  $purifier->options = array(    'URI.AllowedSchemes'=>array(              'http' => true,              'https' => true,    ),       'HTML.Allowed'=>'div',  );  if(parent::beforeSave()){    if($this->isNewRecord){      $this->create_data = date('y-m-d H:m:s');      $this->content = $purifier->purify($this->content);    }    return true;  }else{    return false;  }}

public function filters(){  return array(    'accessControl', // perform access control for CRUD operations    'postOnly + delete', // we only allow deletion via POST request    'purifier + create', //载入插入页面时进行些过滤操作  );}public function filterPurifier($filterChain){  $purifier = new CHtmlPurifier();  $purifier->options = array(    'URI.AllowedSchemes'=>array(              'http' => true,              'https' => true,    ),       'HTML.Allowed'=>'div',  );  if(isset($_POST['news']){    $_POST['news']['content'] = $purify($_POST['news']['content']);  }    $filterChain->run();}

<?php $this->beginWidget('CHtmlPurifier'); ?>...display user-entered content here...<?php $this->endWidget(); ?>