mews / purifier
Laravel 5/6/7/8/9/10 HtmlPurifier Package
Requires
- php: ^7.2|^8.0
- ezyang/htmlpurifier: ^4.16.0
- illuminate/config: ^5.8|^6.0|^7.0|^8.0|^9.0|^10.0|^11.0
- illuminate/filesystem: ^5.8|^6.0|^7.0|^8.0|^9.0|^10.0|^11.0
- illuminate/support: ^5.8|^6.0|^7.0|^8.0|^9.0|^10.0|^11.0
Requires (Dev)
- graham-campbell/testbench: ^3.2|^5.5.1|^6.1
- mockery/mockery: ^1.3.3
- phpunit/phpunit: ^8.0|^9.0|^10.0
Suggests
- laravel/framework: To test the Laravel bindings
- laravel/lumen-framework: To test the Lumen bindings
This package is auto-updated.
Last update: 2024-09-05 16:19:20 UTC
README
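A simple Laravel service provider that makes it easy to use HTMLPurifier inside Laravel. From its website:
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications. Tired of using BBCode because of the current landscape of deficient or insecure HTML filters? Have a WYSIWYG editor but never been able to use it? Looking for high-quality, standards-compliant, open-source components for that application you're building? HTML Purifier is for you!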
Installation
Laravel 5.5+
Install this package with Composer:
    composer require mews/purifier
The service provider is auto-discovered. You do not need to add the provider anywhere.
Laravel 5.0 to 5.4
Install this package with Composer:
    composer require mews/purifier
In config/app.php, find the providers key and register the HTMLPurifier service provider.
    'providers' => [
        // ...
        Mews\Purifier\PurifierServiceProvider::class,
    ]
In config/app.php, find the aliases key and register the Purifier alias.
    'aliases' => [
        // ...
        'Purifier' => Mews\Purifier\Facades\Purifier::class,
    ]
Laravel 4
Usage
Use these methods inside your requests or middleware, wherever you need the HTML cleaned:
    clean(Input::get('inputname'));
or
    Purifier::clean(Input::get('inputname'));
Dynamic configuration
    clean('This is my H1 title', 'titles');
    clean('This is my H1 title', array('Attr.EnableID' => true));
or
    Purifier::clean('This is my H1 title', 'titles');
    Purifier::clean('This is my H1 title', array('Attr.EnableID' => true));
Using a URI filter
    Purifier::clean('This is my H1 title', 'titles', function (HTMLPurifier_Config $config) {
        $uri = $config->getDefinition('URI');
        $uri->addFilter(new HTMLPurifier_URIFilter_NameOfFilter(), $config);
    });
Alternatively, in Laravel 7+, if you want to clean HTML inside your Eloquent models, you can use our custom casts:
    <?php

    namespace App\Models;

    use Illuminate\Database\Eloquent\Model;
    use Mews\Purifier\Casts\CleanHtml;
    use Mews\Purifier\Casts\CleanHtmlInput;
    use Mews\Purifier\Casts\CleanHtmlOutput;

    class Monster extends Model
    {
        protected $casts = [
            'bio'         => CleanHtml::class,       // cleans both when getting and setting the value
            'description' => CleanHtmlInput::class,  // cleans when setting the value
            'history'     => CleanHtmlOutput::class, // cleans when getting the value
        ];
    }
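One way to apply Purifier::clean() in middleware, as the usage text above suggests. This is an added example, not code from the package; the class name PurifyHtmlFields and the field-to-settings map are hypothetical, and the default and youtube settings groups are assumed to exist in config/purifier.php.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Mews\Purifier\Facades\Purifier;

// Added example: cleans selected rich-text fields before they reach controllers.
class PurifyHtmlFields
{
    /**
     * Hypothetical map of request field => purifier settings group.
     * Fields not listed here are left untouched, so plain-text fields
     * still have to be escaped on output as usual.
     */
    private const FIELDS = [
        'bio'         => 'default',
        'description' => 'default',
        'video_embed' => 'youtube',
    ];

    public function handle(Request $request, Closure $next)
    {
        $cleaned = [];

        foreach (self::FIELDS as $field => $group) {
            $value = $request->input($field);

            // Only purify strings; arrays and missing fields are skipped
            // so validation can still reject them later.
            if (is_string($value)) {
                $cleaned[$field] = Purifier::clean($value, $group);
            }
        }

        // Overwrite the raw input so later code only ever sees the cleaned HTML.
        $request->merge($cleaned);

        return $next($request);
    }
}
```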
Configuration
To use your own settings, publish the config.
    php artisan vendor:publish --provider="Mews\Purifier\PurifierServiceProvider"
The config file config/purifier.php should look like this:
    return [
        'encoding'         => 'UTF-8',
        'finalize'         => true,
        'ignoreNonStrings' => false,
        'cachePath'        => storage_path('app/purifier'),
        'cacheFileMode'    => 0755,
        'settings'         => [
            'default' => [
                'HTML.Doctype'             => 'HTML 4.01 Transitional',
                'HTML.Allowed'             => 'div,b,strong,i,em,u,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src]',
                'CSS.AllowedProperties'    => 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align',
                'AutoFormat.AutoParagraph' => true,
                'AutoFormat.RemoveEmpty'   => true,
            ],
            'test' => [
                'Attr.EnableID' => 'true',
            ],
            "youtube" => [
                "HTML.SafeIframe"      => 'true',
                "URI.SafeIframeRegexp" => "%^(http://|https://|//)(www.youtube.com/embed/|player.vimeo.com/video/)%",
            ],
            'custom_definition' => [
                'id'    => 'html5-definitions',
                'rev'   => 1,
                'debug' => false,
                'elements' => [
                    // http://developers.whatwg.org/sections.html
                    ['section', 'Block', 'Flow', 'Common'],
                    ['nav', 'Block', 'Flow', 'Common'],
                    ['article', 'Block', 'Flow', 'Common'],
                    ['aside', 'Block', 'Flow', 'Common'],
                    ['header', 'Block', 'Flow', 'Common'],
                    ['footer', 'Block', 'Flow', 'Common'],

                    // Content model actually excludes several tags, not modelled here
                    ['address', 'Block', 'Flow', 'Common'],
                    ['hgroup', 'Block', 'Required: h1 | h2 | h3 | h4 | h5 | h6', 'Common'],

                    // http://developers.whatwg.org/grouping-content.html
                    ['figure', 'Block', 'Optional: (figcaption, Flow) | (Flow, figcaption) | Flow', 'Common'],
                    ['figcaption', 'Inline', 'Flow', 'Common'],

                    // http://developers.whatwg.org/the-video-element.html#the-video-element
                    ['video', 'Block', 'Optional: (source, Flow) | (Flow, source) | Flow', 'Common', [
                        'src'      => 'URI',
                        'type'     => 'Text',
                        'width'    => 'Length',
                        'height'   => 'Length',
                        'poster'   => 'URI',
                        'preload'  => 'Enum#auto,metadata,none',
                        'controls' => 'Bool',
                    ]],
                    ['source', 'Block', 'Flow', 'Common', [
                        'src'  => 'URI',
                        'type' => 'Text',
                    ]],

                    // http://developers.whatwg.org/text-level-semantics.html
                    ['s', 'Inline', 'Inline', 'Common'],
                    ['var', 'Inline', 'Inline', 'Common'],
                    ['sub', 'Inline', 'Inline', 'Common'],
                    ['sup', 'Inline', 'Inline', 'Common'],
                    ['mark', 'Inline', 'Inline', 'Common'],
                    ['wbr', 'Inline', 'Empty', 'Core'],

                    // http://developers.whatwg.org/edits.html
                    ['ins', 'Block', 'Flow', 'Common', ['cite' => 'URI', 'datetime' => 'CDATA']],
                    ['del', 'Block', 'Flow', 'Common', ['cite' => 'URI', 'datetime' => 'CDATA']],
                ],
                'attributes' => [
                    ['iframe', 'allowfullscreen', 'Bool'],
                    ['table', 'height', 'Text'],
                    ['td', 'border', 'Text'],
                    ['th', 'border', 'Text'],
                    ['tr', 'width', 'Text'],
                    ['tr', 'height', 'Text'],
                    ['tr', 'border', 'Text'],
                ],
            ],
            'custom_attributes' => [
                ['a', 'target', 'Enum#_blank,_self,_target,_top'],
            ],
            'custom_elements' => [
                ['u', 'Inline', 'Inline', 'Common'],
            ],
        ],
    ];
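In the youtube settings group, URI.SafeIframeRegexp decides which iframe sources survive purification, so it is worth running the pattern against sample URLs before publishing the config. The following is an added example, not part of the package or its README; the tightened pattern and every sample URL are constructed for illustration, and example.test is a placeholder host.

```php
<?php
// Added example (not from mews/purifier): exercise a URI.SafeIframeRegexp value
// with plain preg_match before putting it in config/purifier.php.

// Pattern exactly as it appears in the 'youtube' settings group above.
$readme = '%^(http://|https://|//)(www.youtube.com/embed/|player.vimeo.com/video/)%';

// Assumed tightening: dots escaped so they match only a literal ".",
// and plain http:// is no longer accepted.
$tightened = '%^(https:)?//(www\.youtube\.com/embed/|player\.vimeo\.com/video/)%';

// Constructed sample iframe src values.
$samples = [
    'https://www.youtube.com/embed/VIDEO_ID',
    '//player.vimeo.com/video/12345',
    'http://www.youtube.com/embed/VIDEO_ID',
    'https://wwwxyoutube.com/embed/VIDEO_ID',
    'https://www.youtube.com.example.test/embed/VIDEO_ID',
    'https://example.test/?next=https://www.youtube.com/embed/VIDEO_ID',
];

// True when the pattern would let this src through.
function accepts(string $pattern, string $url): bool
{
    return preg_match($pattern, $url) === 1;
}

printf("%-68s %-8s %s\n", 'iframe src', 'readme', 'tightened');
foreach ($samples as $url) {
    printf(
        "%-68s %-8s %s\n",
        $url,
        accepts($readme, $url) ? 'allow' : 'reject',
        accepts($tightened, $url) ? 'allow' : 'reject'
    );
}
```

An unescaped dot in the pattern matches any character, so a host that differs from www.youtube.com only at that position is allowed by the README pattern and rejected by the tightened one.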
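Changelog
Please see the GitHub release tags for more information on recent changes.
Security
If you discover any security-related issues, please email the author instead of using the issue tracker.
Credits
- HTMLPurifier.org - created the actual HTML Purifier that this package uses;
- Muharrem ERİN - package author and maintainer;
- All contributors
License
MIT. Please see the license file for more information.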