项目地址
https://github.com/mewebstudio/Purifier
Purifier 是针对 Laravel 框架的 HTML 过滤器,防止 XSS 漏洞
安装
composer require mews/purifier
生成配置
php artisan vendor:publish --provider="Mews\Purifier\PurifierServiceProvider"
自定义配置
config/purifier.php
'default' => [
'HTML.Doctype' => 'HTML 4.01 Transitional',
'HTML.Allowed' => 'div,b,strong,i,em,a[href|title],ul,ol,ol[start],li,p[style],br,span[style],img[width|height|alt|src],*[style|class],pre,hr,code,h1[id],h2,h3,h4,h5,h6,blockquote,del,table,thead,tbody,tr,th,td,iframe[width|height|src|frameborder|scrolling|allowfullscreen]',
'CSS.AllowedProperties' => 'font,font-size,font-weight,font-style,margin,width,height,font-family,text-decoration,padding-left,color,background-color,text-align',
'AutoFormat.AutoParagraph' => true,
'AutoFormat.RemoveEmpty' => true,
'Attr.EnableID' => true,
'HTML.SafeIframe' => true,
'URI.SafeIframeRegexp' => "%^(http://|https://|//)(www.youtube.com/embed/|player.bilibili.com)%",
],
配置说明
'Attr.EnableID' => true, 不过滤 id 属性
'HTML.SafeIframe' => true, 不过滤 iframe 标签
'URI.SafeIframeRegexp' => "%^(http://|https://|//)(www.youtube.com/embed/|player.bilibili.com)%", 允许的 iframe 地址
