Recently, I have been working on a PHP website with no SQL support (yeah, don’t ask), but needed to maintain a small database of pages and posts that could be updated via a WYSIWYG web interface. I ended up going with the following configuration:
- Store data in XML files.
- Handle XML data in PHP using the SimpleXMLElement class.
This is a very simple set-up, but there are a few things to note:
- To store HTML data in XML, the angle brackets < > need to be properly escaped; otherwise, all HTML elements will be read as XML elements! So, run the content through htmlspecialchars() first, or through a filter with the FILTER_SANITIZE_FULL_SPECIAL_CHARS flag if you have a newer version of PHP (>5.2).
- When XML files are loaded with simplexml_load_file, escaped HTML entities are unescaped! This makes displaying stored HTML data really easy (you can literally just echo the content retrieved from the XML file), but it is important to remember to escape this data if you need to load it into a form for web editing!
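The round trip described in the two notes above, as an added example that is not part of the original post. The function names, the `<pages>`/`<page>`/`<content>` element names, the temp file and the sample content are all assumptions made for illustration.

```php
<?php
// Added example: constructed content and a temp file stand in for the site's real data.

// Save: escape the HTML first; addChild() does not escape "&" on its own.
function save_page(string $file, string $html): void
{
    $root = new SimpleXMLElement('<pages/>');
    $page = $root->addChild('page');
    $page->addChild('content', htmlspecialchars($html, ENT_QUOTES | ENT_XML1, 'UTF-8'));
    $root->asXML($file);
}

// Load: SimpleXML decodes the entities, so the caller gets the original markup back.
function load_content(string $file): string
{
    $xml = simplexml_load_file($file);
    if ($xml === false) {
        throw new RuntimeException("Cannot parse $file");
    }
    return (string) $xml->page->content;
}

// Edit: re-escape before placing the markup inside a form field, so that
// stored tags cannot close the <textarea> and spill into the page.
function edit_form(string $html): string
{
    return '<form method="post"><textarea name="content">'
         . htmlspecialchars($html, ENT_QUOTES, 'UTF-8')
         . '</textarea></form>';
}

// Constructed sample: the embedded </textarea> would end the editor field if echoed raw.
$html = '<p>Tom &amp; Jerry</p><p>Note: </textarea> ends a form field</p>';

$file = tempnam(sys_get_temp_dir(), 'pages');
save_page($file, $html);
$stored = load_content($file);
unlink($file);

if ($stored !== $html) {
    throw new RuntimeException('Round trip changed the content');
}

// Display path: the stored value is live markup, so it is only as trustworthy
// as whoever is allowed to write the XML file.
echo "Display (raw markup):\n", $stored, "\n\n";
echo "Edit form (escaped):\n", edit_form($stored), "\n";
```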
config.extraAllowedContent = 'noscript script[*]';
This means “allow noscript and script tags, with any attributes ([*])”. Note that [*] applies to both noscript and script tags. If you wanted [*] to only apply to script, you would do this:
config.extraAllowedContent = 'noscript; script[*]';
Here’s a small demo. Grab the following code and save it into a PHP file. CKEditor is optional, so feel free to remove the <script> tags if you don’t want to play with CKEditor.