-1
I have an online html code editor via .php hosting, but there is a problem that this editor is a huge loophole that someone can browse my entire site’s data using it. For example, someone wrote this code
<img src="../../img/0102.png" alt="">
The editor will display the image without hesitation. I want the solution in an intelligent way because when I asked the artificial intelligence, it suggested that I make my files on my site not authorized to be accessed via .htaccess, but this prevented all the pages of my site from appearing as required in a natural way. Please I want the solution HTML editor code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>HTML Code Editor</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.63.1/codemirror.min.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.63.1/theme/dracula.min.css">
<style>
/* Set the size of the editor and result div */
.editor-container {
display: flex;
flex-direction: column;
height: 100vh;
background-color: #f1f1f1;
}
.editor-toolbar {
background-color: #333;
color: white;
padding: 10px;
}
.CodeMirror {
flex-grow: 1;
border: 1px solid #ddd;
}
.result-container {
padding: 10px;
}
iframe {
width: 100%;
height: calc(100% - 40px); /* Subtract the padding */
border: none;
}
button {
background-color: #4CAF50;
color: white;
padding: 10px 20px;
border: none;
cursor: pointer;
border-radius: 5px;
}
button:hover {
background-color: #45a049;
}
</style>
</head>
<body>
<div class="editor-toolbar">
<button onclick="downloadCode()">Download Code</button>
</div>
<div class="editor-container">
<textarea id="code-editor"></textarea>
<div class="result-container">
<h2>Result:</h2>
<iframe id="result-frame"></iframe>
</div>
</div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.63.1/codemirror.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.63.1/mode/htmlmixed/htmlmixed.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.63.1/mode/xml/xml.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.63.1/mode/javascript/javascript.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.63.1/mode/css/css.min.js"></script>
<script>
var editor = CodeMirror.fromTextArea(document.getElementById("code-editor"), {
lineNumbers: true,
mode: "htmlmixed",
theme: "dracula" // تحديد السمة هنا
});
function updateResult() {
var code = editor.getValue();
document.getElementById("result-frame").srcdoc = code;
}
function downloadCode() {
var code = editor.getValue();
var element = document.createElement('a');
element.setAttribute('href', 'data:text/plain;charset=utf-8,' + encodeURIComponent(code));
element.setAttribute('download', 'code.html');
element.style.display = 'none';
document.body.appendChild(element);
element.click();
document.body.removeChild(element);
}
// Update result on editor change
editor.on("change", updateResult);
// Initial update
updateResult();
</script>
</body>
</html>
I expect there to be a comprehensive method via PHP itself, but I feel like JavaScript won’t help with this. Is it possible, for example, to specify htaccess codes to prevent access to other files through the code editor without preventing the pages of my site from running?