Integrate Htmlpurifier with Purifier expansion pack in Laravel 5 to prevent XSS cross-site attacks

Source: Internet
Author: User

1. Installation

Htmlpurifier is a rich text HTML filter written in PHP, usually we can use it to prevent XSS cross-site attacks, more information about Htmlpurifier please refer to its official website: http://htmlpurifier.org/. Purifier is an expansion pack that integrates htmlpurifier in Laravel 5, and we can install this extension package through Composer:

Composer require Mews/purifier

After the installation is complete, register the Htmlpurifier service provider in the providers of the configuration file config/app.php:

' Providers ' = [    //...    ] Mews\purifier\purifierserviceprovider::class,]

Then register the purifier façade in the aliases:

' Aliases ' = [    //...    ] Purifier ' = Mews\purifier\facades\purifier::class,]

2. Configuration

To use a custom configuration, publish the configuration file to the Config directory:

PHP Artisan Vendor:publish

This will generate a purifier.php file in the Config directory:

return [    ' encoding ' = ' UTF-8 ',    ' finalize ' = = True,    ' preload '  = False,    ' cachepath ' = > null,    ' settings ' = [        ' default ' = = '            HTML. Doctype ' +             ' XHTML 1.0 Strict ',            ' HTML. Allowed '             = ' div,b,strong,i,em,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src] ',            ' CSS. Allowedproperties '    = ' and ' Font,font-size,font-weight,font-style,font-family,text-decoration,padding-left, Color,background-color,text-align ',            ' autoformat.autoparagraph ' =-true,            ' Autoformat.removeempty '   = True        ],        ' test ' = [            ' attr.enableid ' = ' = True        ],        ' youtube ' = [            ' Html. Safeiframe "= ' true ',            " URI. Safeiframeregexp "="%^ (http://|https://|//) (www.youtube.com/embed/|player.vimeo.com/video/)% ",        ],    ],];

3. Examples of Use

You can use the auxiliary function clean:

Clean (input::get (' InputName '));

Or use the Clean method provided by the purifier façade:

Purifier::clean (Input::get (' InputName '));

You can also configure it dynamically in your app:

Clean (' It is my H1 title ', ' titles '), and clean (' This is my H1 title ', Array (' attr.enableid ' = true));

Or you can also use the method provided by the purifier façade:

Purifier::clean (' This is my H1 title ', ' titles '); Purifier::clean (' This is my H1 title ', Array (' attr.enableid ' = true));
  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.