This article describes how to prevent cross-site scripting (XSS) attacks in Laravel 5. It is shared here for reference; the details are as follows:
 
Laravel 5 itself does not have the capability to prevent XSS attacks, but the Purifier package, which integrates HTMLPurifier, can be used to prevent them.
 
1. Installation

HTMLPurifier is a PHP-based rich-text HTML filter that can be used to prevent XSS attacks; for more information, see its official website: http://htmlpurifier.org/. Purifier is a package that integrates HTMLPurifier into Laravel 5, and it can be installed through Composer:

composer require mews/purifier
 
   
  
After the installation is complete, register the HTMLPurifier service provider in the providers array of the configuration file config/app.php:

'providers' => [
    // ...
    Mews\Purifier\PurifierServiceProvider::class,
]

Then register the Purifier facade in the aliases array:

'aliases' => [
    // ...
    'Purifier' => Mews\Purifier\Facades\Purifier::class,
]
 
   
  
2. Configuration

To use a custom configuration, publish the configuration file to the config directory:

php artisan vendor:publish
 
   
  
This generates a purifier.php file in the config directory:

return [
    'encoding'  => 'UTF-8',
    'finalize'  => true,
    'preload'   => false,
    'cachePath' => null,
    'settings'  => [
        // Profile used when clean() is called without a second argument.
        'default' => [
            'HTML.Doctype'             => 'XHTML 1.0 Strict',
            // Allowlist of elements and, in brackets, their permitted attributes.
            'HTML.Allowed'             => 'div,b,strong,i,em,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src]',
            // CSS properties permitted inside the allowed style attributes.
            'CSS.AllowedProperties'    => 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align',
            'AutoFormat.AutoParagraph' => true,
            'AutoFormat.RemoveEmpty'   => true,
        ],
        'test' => [
            'Attr.EnableID' => true,
        ],
        'youtube' => [
            'HTML.SafeIframe'      => 'true',
            // Only iframes whose src matches this pattern are kept.
            'URI.SafeIframeRegexp' => '%^(http://|https://|//)(www.youtube.com/embed/|player.vimeo.com/video/)%',
        ],
    ],
];
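To see what the default profile above removes, the following added example (not from the original article or the mews/purifier project) loads the same directives into HTMLPurifier directly and runs them over constructed sample inputs. It assumes HTMLPurifier was installed by Composer as a dependency of mews/purifier and that the script is saved in the project root next to vendor/; the function name defaultProfilePurifier and the sample strings are made up for illustration.

```php
<?php
// Added example, not part of mews/purifier. Assumption: run from the project
// root, where Composer has installed ezyang/htmlpurifier under vendor/.
require __DIR__ . '/vendor/autoload.php';

// Build a purifier from the 'default' profile shown in config/purifier.php.
function defaultProfilePurifier()
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    $config->set('Cache.DefinitionImpl', null); // no on-disk cache for this check
    $config->set('HTML.Doctype', 'XHTML 1.0 Strict');
    $config->set('HTML.Allowed', 'div,b,strong,i,em,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src]');
    $config->set('CSS.AllowedProperties', 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align');
    $config->set('AutoFormat.AutoParagraph', true);
    $config->set('AutoFormat.RemoveEmpty', true);
    return new HTMLPurifier($config);
}

// Constructed sample inputs: markup that must not survive purification.
$samples = [
    'script element'   => '<p>Hello</p><script>alert(1)</script>',
    'event handler'    => '<img src="/a.png" alt="a" onerror="alert(1)" />',
    'javascript: link' => '<a href="javascript:alert(1)" title="t">click</a>',
    'disallowed tag'   => '<iframe src="https://example.com/"></iframe><b>bold</b>',
];
$forbidden = ['<script', 'onerror', 'javascript:', '<iframe'];

$purifier = defaultProfilePurifier();
$failures = 0;
foreach ($samples as $label => $dirty) {
    $clean = $purifier->purify($dirty);
    foreach ($forbidden as $needle) {
        if (stripos($clean, $needle) !== false) {
            $failures++;
            fwrite(STDERR, "FAIL [$label]: '$needle' survived\n");
        }
    }
    echo "[$label]\n  in:  $dirty\n  out: $clean\n";
}
exit($failures === 0 ? 0 : 1);
```

The script exits non-zero if any forbidden fragment survives, so it can be rerun as a regression check whenever HTML.Allowed or CSS.AllowedProperties is widened.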
 
   
  
3. Usage examples

You can use the helper function clean:

clean(Input::get('InputName'));
 
   
  
Or use the clean method provided by the Purifier facade:

Purifier::clean(Input::get('InputName'));
 
   
  
You can also pass configuration dynamically in your application, either as the name of a settings profile or as an array of directives:

clean('It is my H1 title', 'titles');
clean('It is my H1 title', array('Attr.EnableID' => true));
 
   
  
Or use the method provided by the Purifier facade:

Purifier::clean('This is my H1 title', 'titles');
Purifier::clean('This is my H1 title', array('Attr.EnableID' => true));
 
   
  
 
I hope this article helps you with PHP development based on the Laravel framework.