Node.js 全栈博客系统.zip

<!DOCTYPE html> <!-- Copyright (c) 2003-2016, CKSource - Frederico Knabben. All rights reserved. For licensing, see LICENSE.md or http://ckeditor.com/license --> <html> <head> <meta charset="utf-8"> <title>Data Filtering &mdash; CKEditor Sample</title> <script src="../../ckeditor.js"></script> <link rel="stylesheet" href="sample.css"> <script> // Remove advanced tabs for all editors. CKEDITOR.config.removeDialogTabs = 'image:advanced;link:advanced;flash:advanced;creatediv:advanced;editdiv:advanced'; </script> </head> <body> <h1 class="samples"> <a href="index.html">CKEditor Samples</a> &raquo; Data Filtering and Features Activation </h1> <div class="warning deprecated"> This sample is not maintained anymore. Check out its <a href="http://sdk.ckeditor.com/samples/acf.html">brand new version in CKEditor SDK</a>. </div> <div class="description"> <p> This sample page demonstrates the idea of Advanced Content Filter (<abbr title="Advanced Content Filter">ACF</abbr>), a sophisticated tool that takes control over what kind of data is accepted by the editor and what kind of output is produced. </p> <h2>When and what is being filtered?</h2> <p> <abbr title="Advanced Content Filter">ACF</abbr> controls <strong>every single source of data</strong> that comes to the editor. It process both HTML that is inserted manually (i.e. pasted by the user) and programmatically like: </p> <pre class="samples"> editor.setData( '&lt;p&gt;Hello world!&lt;/p&gt;' ); </pre> <p> <abbr title="Advanced Content Filter">ACF</abbr> discards invalid, useless HTML tags and attributes so the editor remains "clean" during runtime. <abbr title="Advanced Content Filter">ACF</abbr> behaviour can be configured and adjusted for a particular case to prevent the output HTML (i.e. in CMS systems) from being polluted. This kind of filtering is a first, client-side line of defense against "<a href="http://en.wikipedia.org/wiki/Tag_soup">tag soups</a>", the tool that precisely restricts which tags, attributes and styles are allowed (desired). When properly configured, <abbr title="Advanced Content Filter">ACF</abbr> is an easy and fast way to produce a high-quality, intentionally filtered HTML. </p> <h3>How to configure or disable ACF?</h3> <p> Advanced Content Filter is enabled by default, working in "automatic mode", yet it provides a set of easy rules that allow adjusting filtering rules and disabling the entire feature when necessary. The config property responsible for this feature is <code><a class="samples" href="http://docs.ckeditor.com/#!/api/CKEDITOR.config-cfg-allowedContent">config.allowedContent</a></code>. </p> <p> By "automatic mode" is meant that loaded plugins decide which kind of content is enabled and which is not. For example, if the link plugin is loaded it implies that <code>&lt;a&gt;</code> tag is automatically allowed. Each plugin is given a set of predefined <abbr title="Advanced Content Filter">ACF</abbr> rules that control the editor until <code><a class="samples" href="http://docs.ckeditor.com/#!/api/CKEDITOR.config-cfg-allowedContent"> config.allowedContent</a></code> is defined manually. </p> <p> Let's assume our intention is to restrict the editor to accept (produce) <strong>paragraphs only: no attributes, no styles, no other tags</strong>. With <abbr title="Advanced Content Filter">ACF</abbr> this is very simple. Basically set <code><a class="samples" href="http://docs.ckeditor.com/#!/api/CKEDITOR.config-cfg-allowedContent"> config.allowedContent</a></code> to <code>'p'</code>: </p> <pre class="samples"> var editor = CKEDITOR.replace( <em>textarea_id</em>, { <strong>allowedContent: 'p'</strong> } ); </pre> <p> Now try to play with allowed content: </p> <pre class="samples"> // Trying to insert disallowed tag and attribute. editor.setData( '&lt;p <strong>style="color: red"</strong>&gt;Hello <strong>&lt;em&gt;world&lt;/em&gt;</strong>!&lt;/p&gt;' ); alert( editor.getData() ); // Filtered data is returned. "&lt;p&gt;Hello world!&lt;/p&gt;" </pre> <p> What happened? Since <code>config.allowedContent: 'p'</code> is set the editor assumes that only plain <code>&lt;p&gt;</code> are accepted. Nothing more. This is why <code>style</code> attribute and <code>&lt;em&gt;</code> tag are gone. The same filtering would happen if we pasted disallowed HTML into this editor. </p> <p> This is just a small sample of what <abbr title="Advanced Content Filter">ACF</abbr> can do. To know more, please refer to the sample section below and <a href="http://docs.ckeditor.com/#!/guide/dev_advanced_content_filter">the official Advanced Content Filter guide</a>. </p> <p> You may, of course, want CKEditor to avoid filtering of any kind. To get rid of <abbr title="Advanced Content Filter">ACF</abbr>, basically set <code><a class="samples" href="http://docs.ckeditor.com/#!/api/CKEDITOR.config-cfg-allowedContent"> config.allowedContent</a></code> to <code>true</code> like this: </p> <pre class="samples"> CKEDITOR.replace( <em>textarea_id</em>, { <strong>allowedContent: true</strong> } ); </pre> <h2>Beyond data flow: Features activation</h2> <p> <abbr title="Advanced Content Filter">ACF</abbr> is far more than <abbr title="Input/Output">I/O</abbr> control: the entire <abbr title="User Interface">UI</abbr> of the editor is adjusted to what filters restrict. For example: if <code>&lt;a&gt;</code> tag is <strong>disallowed</strong> by <abbr title="Advanced Content Filter">ACF</abbr>, then accordingly <code>link</code> command, toolbar button and link dialog are also disabled. Editor is smart: it knows which features must be removed from the interface to match filtering rules. </p> <p> CKEditor can be far more specific. If <code>&lt;a&gt;</code> tag is <strong>allowed</strong> by filtering rules to be used but it is restricted to have only one attribute (<code>href</code>) <code>config.allowedContent = 'a[!href]'</code>, then "Target" tab of the link dialog is automatically disabled as <code>target</code> attribute isn't included in <abbr title="Advanced Content Filter">ACF</abbr> rules for <code>&lt;a&gt;</code>. This behaviour applies to dialog fields, context menus and toolbar buttons. </p> <h2>Sample configurations</h2> <p> There are several editor instances below that present different <abbr title="Advanced Content Filter">ACF</abbr> setups. <strong>All of them, except the inline instance, share the same HTML content</strong> to visualize how different filtering rules affect the same input data. </p> </div> <div> <label for="editor1"> Editor 1: </label> <div class="description"> <p> This editor is using default configuration ("automatic mode"). It means that <code><a class="samples" href="http://docs.ckeditor.com/#!/api/CKEDITOR.config-cfg-allowedContent"> config.allowedContent</a></code> is defined by loaded plugins. Each plugin extends filtering rules to make it's own associated content available for the user. </p> </div> <textarea cols="80" id="editor1" name="editor1" rows="10"> &lt;h1&gt;&lt;img alt=&quot;Saturn V carrying Apollo 11&quot; class=&quot;right&quot; src=&quot;assets/sample.jpg&quot;/&gt; Apollo 11&lt;/h1&gt; &lt;p&gt;&lt;b&gt;Apollo 11&lt;/b&gt; was the spaceflight that landed the first humans, Americans &lt;a href=&quot;http://en.wikipedia.org/wiki/Neil_Armstrong&quot; title=&quot;Neil Armstrong&quot;&gt;Neil Armstrong&lt;/a&gt; and &lt;a href=&quot;http://en.wikipedia.org/wiki/Buzz_Aldrin&quot; title=&quot;Buzz Aldrin&quot;&gt;Buzz Aldrin&lt;/a&gt;, on the Moon on July 20, 1969, at 20:18 UTC. Armstrong became the first to step onto the lunar surface 6 hours later on July 21 at 02:56 UTC.&lt;/p&gt; &lt;p&gt;Armstrong spent about &lt;s&gt;