chrisshick/cakephp3-html-purifier
Composer 安装命令:
composer require chrisshick/cakephp3-html-purifier
包简介
This is a CakePHP3 Purifier Plugin Behavior that cleanses data before it is marshalled into the entity.
README 文档
README
This plugin is a sanitizer for entity data that uses the Html Purifier Library: http://htmlpurifier.org/
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.
Recognition
I have to give credit to @josegonzalez for giving me the inspiration to write this based on his Purifiable Behavior.
Requirements
- CakePHP 3.1.x
- PHP >= 5.4.16
Installation
You can install this plugin into your CakePHP application using composer.
The recommended way to install composer packages is:
composer require chrisshick/cakephp3-html-purifier
or add the plugin to your project's composer.json like this:
{
"require": {
"chrisshick/cakephp3-html-purifier": "dev-master"
}
}
##Enable the Plugin In 3.x all you need to do to enable the plugin is:
Plugin::load('ChrisShick/CakePHP3HtmlPurifier');
If you are already using Plugin::loadAll();, then you do not need to do the above step.
##Usage To start sanitizing your data, you need to attach the behavior to your table in the initialization function and pass in the fields that you want to be sanitized:
$this->addBehavior('ChrisShick/CakePHP3HtmlPurifier.HtmlPurifier', [
'fields'=>['title','description']
]);
By default the behavior purifies only on the beforeMarshal Event. To disable this, you should do the following:
$this->addBehavior('ChrisShick/CakePHP3HtmlPurifier.HtmlPurifier', [
'events' => [
Model.beforeMarshal => false,
// you can also uncomment the line below to turn on the purifier only on the beforeSave event
//Model.beforeSave => true,
]
]);
You can also have the purifier called on a custom event:
$this->addBehavior('ChrisShick/CakePHP3HtmlPurifier.HtmlPurifier', [
'events' => [
Model.myCustomEvent => true,
]
]);
You can adjust the HtmlPurifier configuration by passing in the config key into the configuration:
$this->addBehavior('ChrisShick/CakePHP3HtmlPurifier.HtmlPurifier', [
'config' => [
'HTML' => [
'DefinitionID' => 'purifiable',
'DefinitionRev' => 1,
'TidyLevel' => 'heavy',
'Doctype' => 'XHTML 1.0 Transitional'
],
'Core' => [
'Encoding' => 'UTF-8'
],
'AutoFormat' => [
'RemoveSpansWithoutAttributes' => true,
'RemoveEmpty' => true
],
],
]);
You can find all the configurable options and custom filters on the http://htmlpurifier.org/ website.
###HTML5 support
HTMLPurifier does not support HTML 5. However, the plugin incorporates work to add new elements (e.g. article, section, video, mark) to the HTML definition, based on HTML 4.01 Transitional, so HTMLPurifier won't strip them. To enable this functionality, specify the Doctype as 'HTML 5' in your configuration.
##License
The MIT License (MIT)
Copyright (c) 2015 Chris Hickingbottom
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
chrisshick/cakephp3-html-purifier 适用场景与选型建议
chrisshick/cakephp3-html-purifier 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 172.95k 次下载、GitHub Stars 达 12, 最近一次更新时间为 2015 年 03 月 31 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「plugin」 「cakephp」 「htmlpurifier」 「entities」 「fields」 「Purifier」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 chrisshick/cakephp3-html-purifier 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 chrisshick/cakephp3-html-purifier 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 chrisshick/cakephp3-html-purifier 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
CakePHP 4.x AdminLTE Theme.
Laravel 5/6/7/8/9/10 HtmlPurifier Package
Email Toolkit Plugin for CakePHP
Laravel HtmlPurifier Package
Laravel 5/6/7/8/9/10/12/13 HtmlPurifier Package
Rhino, a CMS and Application-Framework plugin for CakePHP
统计信息
- 总下载量: 172.95k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 12
- 点击次数: 28
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2015-03-31