friendsofhyperf/purifier
Composer 安装命令:
composer require friendsofhyperf/purifier
包简介
Hyperf HtmlPurifier Package
README 文档
README
HTML filter. forked from mews/purifier.
Installation
Require this package with composer:
composer require friendsofhyperf/purifier
The service provider will be auto-discovered. You do not need to add the provider anywhere.
Usage
Use these methods inside your requests or middleware, wherever you need the HTML cleaned up:
clean($request->get('inputname'));
or
ApplicationContext::getContainer()->get(Purifier::class)->clean($request->get('inputname'));
dynamic config
clean('This is my H1 title', 'titles'); clean('This is my H1 title', array('Attr.EnableID' => true));
or
ApplicationContext::getContainer()->get(Purifier::class)->clean('This is my H1 title', 'titles'); ApplicationContext::getContainer()->get(Purifier::class)->clean('This is my H1 title', array('Attr.EnableID' => true));
use URI filter
ApplicationContext::getContainer()->get(Purifier::class)->clean('This is my H1 title', 'titles', function (HTMLPurifier_Config $config) { $uri = $config->getDefinition('URI'); $uri->addFilter(new HTMLPurifier_URIFilter_NameOfFilter(), $config); });
Alternatively, if you're looking to clean your HTML inside your Eloquent models, you can use our custom casts:
<?php namespace App\Models; use Hyperf\DbConnection\Model\Model; use FriendsOfHyperf\Purifier\Casts\CleanHtml; use FriendsOfHyperf\Purifier\Casts\CleanHtmlInput; use FriendsOfHyperf\Purifier\Casts\CleanHtmlOutput; class Monster extends Model { protected array $casts = [ 'bio' => CleanHtml::class, // cleans both when getting and setting the value 'description' => CleanHtmlInput::class, // cleans when setting the value 'history' => CleanHtmlOutput::class, // cleans when getting the value ]; }
Configuration
To use your own settings, publish config.
php bin/hyperf.php vendor:publish friendsofhyperf/purifier
Config file config/autoload/purifier.php should like this
return [ 'encoding' => 'UTF-8', 'finalize' => true, 'ignore_non_strings' => false, 'cache_path' => storage_path('app/purifier'), 'cache_file_mode' => 0755, 'settings' => [ 'default' => [ 'HTML.Doctype' => 'HTML 4.01 Transitional', 'HTML.Allowed' => 'div,b,strong,i,em,u,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src]', 'CSS.AllowedProperties' => 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align', 'AutoFormat.AutoParagraph' => true, 'AutoFormat.RemoveEmpty' => true, ], 'test' => [ 'Attr.EnableID' => 'true', ], "youtube" => [ "HTML.SafeIframe" => 'true', "URI.SafeIframeRegexp" => "%^(http://|https://|//)(www.youtube.com/embed/|player.vimeo.com/video/)%", ], 'custom_definition' => [ 'id' => 'html5-definitions', 'rev' => 1, 'debug' => false, 'elements' => [ // https://developers.whatwg.org/sections.html ['section', 'Block', 'Flow', 'Common'], ['nav', 'Block', 'Flow', 'Common'], ['article', 'Block', 'Flow', 'Common'], ['aside', 'Block', 'Flow', 'Common'], ['header', 'Block', 'Flow', 'Common'], ['footer', 'Block', 'Flow', 'Common'], // Content model actually excludes several tags, not modelled here ['address', 'Block', 'Flow', 'Common'], ['hgroup', 'Block', 'Required: h1 | h2 | h3 | h4 | h5 | h6', 'Common'], // https://developers.whatwg.org/grouping-content.html ['figure', 'Block', 'Optional: (figcaption, Flow) | (Flow, figcaption) | Flow', 'Common'], ['figcaption', 'Inline', 'Flow', 'Common'], // https://developers.whatwg.org/the-video-element.html#the-video-element ['video', 'Block', 'Optional: (source, Flow) | (Flow, source) | Flow', 'Common', [ 'src' => 'URI', 'type' => 'Text', 'width' => 'Length', 'height' => 'Length', 'poster' => 'URI', 'preload' => 'Enum#auto,metadata,none', 'controls' => 'Bool', ]], ['source', 'Block', 'Flow', 'Common', [ 'src' => 'URI', 'type' => 'Text', ]], // https://developers.whatwg.org/text-level-semantics.html ['s', 'Inline', 'Inline', 'Common'], ['var', 'Inline', 'Inline', 'Common'], ['sub', 'Inline', 'Inline', 'Common'], ['sup', 'Inline', 'Inline', 'Common'], ['mark', 'Inline', 'Inline', 'Common'], ['wbr', 'Inline', 'Empty', 'Core'], // https://developers.whatwg.org/edits.html ['ins', 'Block', 'Flow', 'Common', ['cite' => 'URI', 'datetime' => 'CDATA']], ['del', 'Block', 'Flow', 'Common', ['cite' => 'URI', 'datetime' => 'CDATA']], ], 'attributes' => [ ['iframe', 'allowfullscreen', 'Bool'], ['table', 'height', 'Text'], ['td', 'border', 'Text'], ['th', 'border', 'Text'], ['tr', 'width', 'Text'], ['tr', 'height', 'Text'], ['tr', 'border', 'Text'], ], ], 'custom_attributes' => [ ['a', 'target', 'Enum#_blank,_self,_target,_top'], ], 'custom_elements' => [ ['u', 'Inline', 'Inline', 'Common'], ], ], ];
friendsofhyperf/purifier 适用场景与选型建议
friendsofhyperf/purifier 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 8 次下载、GitHub Stars 达 0, 最近一次更新时间为 2024 年 12 月 05 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「htmlpurifier」 「xss」 「Purifier」 「hyperf」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 friendsofhyperf/purifier 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 friendsofhyperf/purifier 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 friendsofhyperf/purifier 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
An HTML/XHTML filter written in PHP. Checks on attribute values. Can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks, among other things.
Provide a way to secure accesses to all routes of an symfony application.
Laravel 5/6/7/8/9/10 HtmlPurifier Package
It's a barebone security class written on PHP
Laravel HtmlPurifier Package
Laravel 5/6/7/8/9/10/12/13 HtmlPurifier Package
统计信息
- 总下载量: 8
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 20
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2024-12-05