hdvinnie / laravel-html-purifier
HTML Purifier for Laravel
v3.0.0
2024-03-13 15:38 UTC
Requires
- php: ^7.2|^8.0
- ezyang/htmlpurifier: 4.13.*
- illuminate/config: ^5.8|^6.0|^7.0|^8.0|^9.0|^10.0|^11.0
- illuminate/filesystem: ^5.8|^6.0|^7.0|^8.0|^9.0|^10.0|^11.0
- illuminate/support: ^5.8|^6.0|^7.0|^8.0|^9.0|^10.0|^11.0
Requires (Dev)
- graham-campbell/testbench: ^3.2|^5.5.1
- mockery/mockery: ^1.3.3
- phpunit/phpunit: ^8.0|^9.0
Suggests
- laravel/framework: To test the Laravel bindings
- laravel/lumen-framework: To test the Lumen bindings
README
HTML Purifier for Laravel
A simple Laravel service provider that makes it easy to use HTMLPurifier inside Laravel. From their website:
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications. Tired of using BBCode due to the current landscape of deficient or insecure HTML filters? Have a WYSIWYG editor but never been able to use it? Looking for high-quality, standards-compliant, open-source components for that application you are building? HTML Purifier is for you!
Installation
For Laravel 5.5+
Require this package with Composer
composer require hdvinnie/laravel-html-purifier
The service provider will be discovered automatically. You do not need to add the provider anywhere.
For Laravel 5.0 to 5.4
Require this package with Composer
composer require hdvinnie/laravel-html-purifier
Find the providers key in config/app.php and register the HTMLPurifier Service Provider.
'providers' => [
    // ...
    HDVinnie\Purifier\PurifierServiceProvider::class,
]
Find the aliases key in config/app.php and register the Purifier alias.
'aliases' => [
    // ...
    'Purifier' => HDVinnie\Purifier\Facades\Purifier::class,
]
Usage
Use these methods inside your requests or middleware, wherever you need to clean HTML
\clean(Input::get('inputname'));
or
Purifier::clean(Input::get('inputname'));
Dynamic config
\clean('This is my H1 title', 'titles');
\clean('This is my H1 title', array('Attr.EnableID' => true));
or
Purifier::clean('This is my H1 title', 'titles');
Purifier::clean('This is my H1 title', array('Attr.EnableID' => true));
With the URI filter
Purifier::clean('This is my H1 title', 'titles', function (HTMLPurifier_Config $config) {
    $uri = $config->getDefinition('URI');
    $uri->addFilter(new HTMLPurifier_URIFilter_NameOfFilter(), $config);
});
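A concrete filter for the hook above, added here as an illustration and not part of this package or of HTMLPurifier: it drops every href or src whose host is not on an allowlist, so user-submitted HTML cannot link or embed resources from arbitrary hosts even though the 'default' settings allow a[href] and img[src]. The class name AllowedHostsFilter, the host list and the request('bio') input are assumptions.

```php
<?php
// Added example; not part of hdvinnie/laravel-html-purifier or of HTMLPurifier.
// AllowedHostsFilter and the host list are assumed names for this illustration.

use HDVinnie\Purifier\Facades\Purifier;

// Keeps only href/src values whose host is on an allowlist. HTMLPurifier drops
// the whole attribute when a URI filter returns false, so off-list links and
// images are removed rather than left pointing at an arbitrary host.
final class AllowedHostsFilter extends HTMLPurifier_URIFilter
{
    // HTMLPurifier registers the filter under this name.
    public $name = 'AllowedHosts';

    /** @var string[] lower-cased host names */
    private $allowedHosts;

    public function __construct(array $allowedHosts)
    {
        $this->allowedHosts = array_map('strtolower', $allowedHosts);
    }

    // $uri is an HTMLPurifier_URI; $uri->host is null for relative URIs.
    public function filter(&$uri, $config, $context)
    {
        if ($uri->host === null) {
            return true; // relative URI: same origin as the page itself
        }
        return in_array(strtolower($uri->host), $this->allowedHosts, true);
    }
}

// Assumed allowlist for this example.
$filter = new AllowedHostsFilter(['example.com', 'cdn.example.com']);

// Same hook as the README's NameOfFilter example; the 'default' settings
// allow a[href] and img[src], so both attributes pass through the filter.
$clean = Purifier::clean(
    request('bio'),
    'default',
    function (HTMLPurifier_Config $config) use ($filter) {
        $config->getDefinition('URI')->addFilter($filter, $config);
    }
);
```

The filter runs after HTMLPurifier's own URI parsing and scheme checks, so it only narrows what the configured HTML.Allowed list already permits.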
Alternatively, in Laravel 7+, if you want to clean HTML in your Eloquent models, you can use our custom casts
<?php

namespace App\Models;

use Illuminate\Database\Eloquent\Model;
use HDVinnie\Purifier\Casts\CleanHtml;
use HDVinnie\Purifier\Casts\CleanHtmlInput;
use HDVinnie\Purifier\Casts\CleanHtmlOutput;

class User extends Model
{
    protected $casts = [
        'bio' => CleanHtml::class,              // cleans both when getting and setting the value
        'description' => CleanHtmlInput::class, // cleans when setting the value
        'history' => CleanHtmlOutput::class,    // cleans when getting the value
    ];
}
Configuration
To use your own settings, publish the config.
php artisan vendor:publish --provider="HDVinnie\Purifier\PurifierServiceProvider"
The config file config/purifier.php should look like this
return [
    'encoding' => 'UTF-8',
    'finalize' => true,
    'ignoreNonStrings' => false,
    'cachePath' => storage_path('app/purifier'),
    'cacheFileMode' => 0755,
    'settings' => [
        'default' => [
            'HTML.Doctype' => 'HTML 4.01 Transitional',
            'HTML.Allowed' => 'div,b,strong,i,em,u,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src]',
            'CSS.AllowedProperties' => 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align',
            'AutoFormat.AutoParagraph' => true,
            'AutoFormat.RemoveEmpty' => true,
        ],
        'test' => [
            'Attr.EnableID' => 'true',
        ],
        "youtube" => [
            "HTML.SafeIframe" => 'true',
            "URI.SafeIframeRegexp" => "%^(http://|https://|//)(www.youtube.com/embed/|player.vimeo.com/video/)%",
        ],
        'custom_definition' => [
            'id' => 'html5-definitions',
            'rev' => 1,
            'debug' => false,
            'elements' => [
                // http://developers.whatwg.org/sections.html
                ['section', 'Block', 'Flow', 'Common'],
                ['nav', 'Block', 'Flow', 'Common'],
                ['article', 'Block', 'Flow', 'Common'],
                ['aside', 'Block', 'Flow', 'Common'],
                ['header', 'Block', 'Flow', 'Common'],
                ['footer', 'Block', 'Flow', 'Common'],
                // Content model actually excludes several tags, not modelled here
                ['address', 'Block', 'Flow', 'Common'],
                ['hgroup', 'Block', 'Required: h1 | h2 | h3 | h4 | h5 | h6', 'Common'],
                // http://developers.whatwg.org/grouping-content.html
                ['figure', 'Block', 'Optional: (figcaption, Flow) | (Flow, figcaption) | Flow', 'Common'],
                ['figcaption', 'Inline', 'Flow', 'Common'],
                // http://developers.whatwg.org/the-video-element.html#the-video-element
                ['video', 'Block', 'Optional: (source, Flow) | (Flow, source) | Flow', 'Common', [
                    'src' => 'URI',
                    'type' => 'Text',
                    'width' => 'Length',
                    'height' => 'Length',
                    'poster' => 'URI',
                    'preload' => 'Enum#auto,metadata,none',
                    'controls' => 'Bool',
                ]],
                ['source', 'Block', 'Flow', 'Common', [
                    'src' => 'URI',
                    'type' => 'Text',
                ]],
                // http://developers.whatwg.org/text-level-semantics.html
                ['s', 'Inline', 'Inline', 'Common'],
                ['var', 'Inline', 'Inline', 'Common'],
                ['sub', 'Inline', 'Inline', 'Common'],
                ['sup', 'Inline', 'Inline', 'Common'],
                ['mark', 'Inline', 'Inline', 'Common'],
                ['wbr', 'Inline', 'Empty', 'Core'],
                // http://developers.whatwg.org/edits.html
                ['ins', 'Block', 'Flow', 'Common', ['cite' => 'URI', 'datetime' => 'CDATA']],
                ['del', 'Block', 'Flow', 'Common', ['cite' => 'URI', 'datetime' => 'CDATA']],
            ],
            'attributes' => [
                ['iframe', 'allowfullscreen', 'Bool'],
                ['table', 'height', 'Text'],
                ['td', 'border', 'Text'],
                ['th', 'border', 'Text'],
                ['tr', 'width', 'Text'],
                ['tr', 'height', 'Text'],
                ['tr', 'border', 'Text'],
            ],
        ],
        'custom_attributes' => [
            ['a', 'target', 'Enum#_blank,_self,_target,_top'],
        ],
        'custom_elements' => [
            ['u', 'Inline', 'Inline', 'Common'],
        ],
    ],
];