1. Installation
HTMLPurifier is a rich-text HTML filter written in PHP, commonly used to prevent cross-site scripting (XSS) attacks. For more information, see its official website: http://htmlpurifier.org/. Purifier is a package that integrates HTMLPurifier into Laravel 5, and it can be installed through Composer:
composer require mews/purifier
After the installation is complete, register the Purifier service provider in the providers array of the configuration file config/app.php:
'providers' => [
    // ...
    Mews\Purifier\PurifierServiceProvider::class,
],
Then register the Purifier facade in the aliases array:
'aliases' => [
    // ...
    'Purifier' => Mews\Purifier\Facades\Purifier::class,
],
2. Configuration
To use a custom configuration, publish the configuration file to the config directory:
php artisan vendor:publish
This will generate a purifier.php file in the config directory:
return [
    'encoding'  => 'UTF-8',
    'finalize'  => true,
    'preload'   => false,
    'cachePath' => null,
    'settings'  => [
        // Settings group used when clean() is called without a second argument
        'default' => [
            'HTML.Doctype'             => 'XHTML 1.0 Strict',
            // Whitelist of elements and, in brackets, their permitted attributes
            'HTML.Allowed'             => 'div,b,strong,i,em,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src]',
            // CSS properties permitted inside the style attributes allowed above
            'CSS.AllowedProperties'    => 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align',
            'AutoFormat.AutoParagraph' => true,
            'AutoFormat.RemoveEmpty'   => true,
        ],
        'test' => [
            'Attr.EnableID' => true,
        ],
        'youtube' => [
            'HTML.SafeIframe'      => 'true',
            // Iframe sources must match this pattern; note that the dots are unescaped, so each matches any character
            'URI.SafeIframeRegexp' => '%^(http://|https://|//)(www.youtube.com/embed/|player.vimeo.com/video/)%',
        ],
    ],
];
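A check of what the 'default' settings group above lets through, as an added example that is not from the original page or the mews/purifier project. It calls the underlying HTMLPurifier library directly with the same directives; the script location (project root, next to vendor/), the constructed `$cases` inputs and the `violations()` helper are assumptions.

```php
<?php
// Added example. Assumes it is run from the project root after
// `composer require mews/purifier`, which also installs ezyang/htmlpurifier.
require __DIR__ . '/vendor/autoload.php';

// Same directives as the 'default' settings group in purifier.php.
$config = HTMLPurifier_Config::createDefault();
$config->set('Cache.DefinitionImpl', null); // disable the definition cache for this check
$config->set('HTML.Doctype', 'XHTML 1.0 Strict');
$config->set('HTML.Allowed', 'div,b,strong,i,em,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src]');
$config->set('CSS.AllowedProperties', 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align');
$config->set('AutoFormat.AutoParagraph', true);
$config->set('AutoFormat.RemoveEmpty', true);
$purifier = new HTMLPurifier($config);

// Constructed inputs: markup paired with substrings that must not survive purification.
$cases = [
    'script element'     => ['<p>hi</p><script>alert(1)</script>', ['<script', 'alert']],
    'event handler'      => ['<img src="a.png" alt="a" onerror="alert(1)">', ['onerror', 'alert']],
    'javascript: link'   => ['<a href="javascript:alert(1)" title="t">link</a>', ['javascript:', 'alert']],
    'disallowed element' => ['<iframe src="https://example.test/"></iframe><b>ok</b>', ['<iframe']],
    'disallowed CSS'     => ['<p style="color:red;position:fixed;top:0">x</p>', ['position']],
];

// Hypothetical helper: returns one message per forbidden substring found in purified output.
function violations(HTMLPurifier $purifier, array $cases)
{
    $failed = [];
    foreach ($cases as $name => $case) {
        list($html, $forbidden) = $case;
        $clean = $purifier->purify($html);
        foreach ($forbidden as $needle) {
            if (stripos($clean, $needle) !== false) {
                $failed[] = "$name: '$needle' survived in: $clean";
            }
        }
    }
    return $failed;
}

$failed = violations($purifier, $cases);
foreach ($failed as $line) {
    fwrite(STDERR, $line . PHP_EOL);
}
// A non-zero exit code lets a CI job fail when the whitelist has been loosened.
exit($failed ? 1 : 0);
```

Rerun it whenever HTML.Allowed or CSS.AllowedProperties is edited, and add a case for each element or attribute newly allowed.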
3. Examples of Use
You can use the clean helper function:
clean(Input::get('inputname'));
Or use the clean method provided by the Purifier facade:
Purifier::clean(Input::get('inputname'));
You can also configure it dynamically in your app, passing either the name of a settings group or an array of settings as the second argument:
clean('This is my H1 title', 'titles');
clean('This is my H1 title', array('Attr.EnableID' => true));
Or do the same through the Purifier facade:
Purifier::clean('This is my H1 title', 'titles');
Purifier::clean('This is my H1 title', array('Attr.EnableID' => true));