• KindEditor


    1、进入官网

    2、下载

    • 官网下载:http://kindeditor.net/down.php
    • 本地下载:http://files.cnblogs.com/files/wupeiqi/kindeditor_a5.zip

    3、文件夹说明

    ├── asp                          asp示例
    ├── asp.net                    asp.net示例
    ├── attached                  空文件夹,放置关联文件attached
    ├── examples                 HTML示例
    ├── jsp                          java示例
    ├── kindeditor-all-min.js 全部JS(压缩)
    ├── kindeditor-all.js        全部JS(未压缩)
    ├── kindeditor-min.js      仅KindEditor JS(压缩)
    ├── kindeditor.js            仅KindEditor JS(未压缩)
    ├── lang                        支持语言
    ├── license.txt               License
    ├── php                        PHP示例
    ├── plugins                    KindEditor内部使用的插件
    └── themes                   KindEditor主题

    由于红色标记得暂时用不到,可以暂时删掉:

    4、基本使用

    <textarea name="content" id="content"></textarea>
     
    <script src="/static/jquery-1.12.4.js"></script>
    <script src="/static/plugins/kind-editor/kindeditor-all.js"></script>
    <script>
        $(function () {
            initKindEditor();
        });
     
        function initKindEditor() {
            var kind = KindEditor.create('#content', {
                 '100%',       // 文本框宽度(可以百分比或像素)
                height: '300px',     // 文本框高度(只能像素)
                minWidth: 200,       // 最小宽度(数字)
                minHeight: 400      // 最小高度(数字)
            });
        }
    </script>
    

    5、详细参数

         http://kindeditor.net/docs/option.html

    常用参数及示例:

    常用参数:
    width 编辑器的宽度
    height 编辑器的高度
    minWidth 编辑器最小宽度
    minHeight 编辑器最小高度
    items 编辑器的工具栏
    noDisableItems 要保留的工具栏图标
    htmlTags 要保留的HTML标记和属性
    resizeType 2或1或0,2时可以拖动改变宽度和高度,1时只能改变高度,0时不能拖动。
    常用参数
        <script src="/static/kindeditor-4.1.10/kindeditor-all.js"></script>
        <script>
            KindEditor.create("#i1",{
                 "700px",
                height: "300px",
                items: [ 'source', '|', 'undo', 'redo', '|', 'preview', 'print', 'template', 'code', 'cut', 'copy', 'paste',],
                noDisableItems: ['undo','redo'],
                designMode: false,
                resizeType:1,
            })
        </script>
    示例

    6、上传文件示例

    <!DOCTYPE html>
    <html>
    <head lang="en">
        <meta charset="UTF-8">
        <title></title>
    </head>
    <body>
    
    <div>
        <h1>文章内容</h1>
        {{ request.POST.content|safe }}
    </div>
    
    
    <form method="POST">
        <h1>请输入内容:</h1>
        {% csrf_token %}
        <div style=" 500px; margin: 0 auto;">
            <textarea name="content" id="content"></textarea>
        </div>
        <input type="submit" value="提交"/>
    </form>
    
    <script src="/static/jquery-1.12.4.js"></script>
    <script src="/static/plugins/kind-editor/kindeditor-all.js"></script>
    <script>
        $(function () {
            initKindEditor();
        });
    
        function initKindEditor() {
            var a = 'kind';
            var kind = KindEditor.create('#content', {
                 '100%',       // 文本框宽度(可以百分比或像素)
                height: '300px',     // 文本框高度(只能像素)
                minWidth: 200,       // 最小宽度(数字)
                minHeight: 400,      // 最小高度(数字)
                uploadJson: '/kind/upload_img/',
                extraFileUploadParams: {
                    'csrfmiddlewaretoken': '{{ csrf_token }}'
                },
                fileManagerJson: '/kind/file_manager/',
                allowPreviewEmoticons: true,
                allowImageUpload: true
            });
        }
    </script>
    </body>
    </html>
    HTML
    import os
    import json
    import time
    
    from django.shortcuts import render
    from django.shortcuts import HttpResponse
    
    
    def index(request):
        """
        首页
        :param request:
        :return:
        """
        return render(request, 'index.html')
    
    
    def upload_img(request):
        """
        文件上传
        :param request:
        :return:
        """
        dic = {
            'error': 0,
            'url': '/static/imgs/20130809170025.png',
            'message': '错误了...'
        }
    
        return HttpResponse(json.dumps(dic))
    
    
    def file_manager(request):
        """
        文件管理
        :param request:
        :return:
        """
        dic = {}
        root_path = '/Users/wupeiqi/PycharmProjects/editors/static/'
        static_root_path = '/static/'
        request_path = request.GET.get('path')
        if request_path:
            abs_current_dir_path = os.path.join(root_path, request_path)
            move_up_dir_path = os.path.dirname(request_path.rstrip('/'))
            dic['moveup_dir_path'] = move_up_dir_path + '/' if move_up_dir_path else move_up_dir_path
    
        else:
            abs_current_dir_path = root_path
            dic['moveup_dir_path'] = ''
    
        dic['current_dir_path'] = request_path
        dic['current_url'] = os.path.join(static_root_path, request_path)
    
        file_list = []
        for item in os.listdir(abs_current_dir_path):
            abs_item_path = os.path.join(abs_current_dir_path, item)
            a, exts = os.path.splitext(item)
            is_dir = os.path.isdir(abs_item_path)
            if is_dir:
                temp = {
                    'is_dir': True,
                    'has_file': True,
                    'filesize': 0,
                    'dir_path': '',
                    'is_photo': False,
                    'filetype': '',
                    'filename': item,
                    'datetime': time.strftime('%Y-%m-%d %H:%M:%S', time.gmtime(os.path.getctime(abs_item_path)))
                }
            else:
                temp = {
                    'is_dir': False,
                    'has_file': False,
                    'filesize': os.stat(abs_item_path).st_size,
                    'dir_path': '',
                    'is_photo': True if exts.lower() in ['.jpg', '.png', '.jpeg'] else False,
                    'filetype': exts.lower().strip('.'),
                    'filename': item,
                    'datetime': time.strftime('%Y-%m-%d %H:%M:%S', time.gmtime(os.path.getctime(abs_item_path)))
                }
    
            file_list.append(temp)
        dic['file_list'] = file_list
        return HttpResponse(json.dumps(dic))
    View

    7、XSS过滤特殊标签

    处理依赖

    pip3 install beautifulsoup4
    
    #!/usr/bin/env python
    # -*- coding:utf-8 -*-
    from bs4 import BeautifulSoup
    
    
    class XSSFilter(object):
        __instance = None
    
        def __init__(self):
            # XSS白名单
            self.valid_tags = {
                "font": ['color', 'size', 'face', 'style'],
                'b': [],
                'div': [],
                "span": [],
                "table": [
                    'border', 'cellspacing', 'cellpadding'
                ],
                'th': [
                    'colspan', 'rowspan'
                ],
                'td': [
                    'colspan', 'rowspan'
                ],
                "a": ['href', 'target', 'name'],
                "img": ['src', 'alt', 'title'],
                'p': [
                    'align'
                ],
                "pre": ['class'],
                "hr": ['class'],
                'strong': []
            }
    
        @classmethod
        def instance(cls):
            if not cls.__instance:
                obj = cls()
                cls.__instance = obj
            return cls.__instance
    
        def process(self, content):
            soup = BeautifulSoup(content, 'lxml')
            # 遍历所有HTML标签
            for tag in soup.find_all(recursive=True):
                # 判断标签名是否在白名单中
                if tag.name not in self.valid_tags:
                    tag.hidden = True
                    if tag.name not in ['html', 'body']:
                        tag.hidden = True
                        tag.clear()
                    continue
                # 当前标签的所有属性白名单
                attr_rules = self.valid_tags[tag.name]
                keys = list(tag.attrs.keys())
                for key in keys:
                    if key not in attr_rules:
                        del tag[key]
    
            return soup.renderContents()
    
    
    if __name__ == '__main__':
        html = """<p class="title">
                            <b>The Dormouse's story</b>
                        </p>
                        <p class="story">
                            <div name='root'>
                                Once upon a time there were three little sisters; and their names were
                                <a href="http://example.com/elsie" class="sister c1" style='color:red;background-color:green;' id="link1"><!-- Elsie --></a>
                                <a href="http://example.com/lacie" class="sister" id="link2">Lacie</a> and
                                <a href="http://example.com/tillie" class="sister" id="link3">Tilffffffffffffflie</a>;
                                and they lived at the bottom of a well.
                                <script>alert(123)</script>
                            </div>
                        </p>
                        <p class="story">...</p>"""
    
        v = XSSFilter.instance().process(html)
        print(v)
    XSS示例
    #!/usr/bin/env python
    # -*- coding:utf-8 -*-
    from bs4 import BeautifulSoup
    
    
    class XSSFilter(object):
        __instance = None
    
        def __init__(self):
            # XSS白名单
            self.valid_tags = {
                "font": ['color', 'size', 'face', 'style'],
                'b': [],
                'div': [],
                "span": [],
                "table": [
                    'border', 'cellspacing', 'cellpadding'
                ],
                'th': [
                    'colspan', 'rowspan'
                ],
                'td': [
                    'colspan', 'rowspan'
                ],
                "a": ['href', 'target', 'name'],
                "img": ['src', 'alt', 'title'],
                'p': [
                    'align'
                ],
                "pre": ['class'],
                "hr": ['class'],
                'strong': []
            }
    
        def __new__(cls, *args, **kwargs):
            """
            单例模式
            :param cls:
            :param args:
            :param kwargs:
            :return:
            """
            if not cls.__instance:
                obj = object.__new__(cls, *args, **kwargs)
                cls.__instance = obj
            return cls.__instance
    
        def process(self, content):
            soup = BeautifulSoup(content, 'lxml')
            # 遍历所有HTML标签
            for tag in soup.find_all(recursive=True):
                # 判断标签名是否在白名单中
                if tag.name not in self.valid_tags:
                    tag.hidden = True
                    if tag.name not in ['html', 'body']:
                        tag.hidden = True
                        tag.clear()
                    continue
                # 当前标签的所有属性白名单
                attr_rules = self.valid_tags[tag.name]
                keys = list(tag.attrs.keys())
                for key in keys:
                    if key not in attr_rules:
                        del tag[key]
    
            return soup.renderContents()
    
    
    if __name__ == '__main__':
        html = """<p class="title">
                            <b>The Dormouse's story</b>
                        </p>
                        <p class="story">
                            <div name='root'>
                                Once upon a time there were three little sisters; and their names were
                                <a href="http://example.com/elsie" class="sister c1" style='color:red;background-color:green;' id="link1"><!-- Elsie --></a>
                                <a href="http://example.com/lacie" class="sister" id="link2">Lacie</a> and
                                <a href="http://example.com/tillie" class="sister" id="link3">Tilffffffffffffflie</a>;
                                and they lived at the bottom of a well.
                                <script>alert(123)</script>
                            </div>
                        </p>
                        <p class="story">...</p>"""
    
        obj = XSSFilter()
        v = obj.process(html)
        print(v)
    基于__new__实现单例模式示例
  • 相关阅读:
    【LINUX编程】一个基于C/S结构的简单通讯程序
    【LINUX内核】LINUX内核编译
    C语言中的auto, static, const, extern, register, restrict, volatile 关键字
    【LINUX编程】Makefile的基本介绍
    【LINUX编程】关于man的详细用法
    DOTween动画插件详解
    cas server端的loginwebflow详细流程
    Linux SSH远程文件/目录传输命令scp
    C#去掉字符串中特定ASC码字符
    解決 Flash 蓋住彈出目錄的方法(转载)
  • 原文地址:https://www.cnblogs.com/luchuangao/p/7206802.html
Copyright © 2020-2023  润新知