vanilla/htmlawed
Composer 安装命令:
composer require vanilla/htmlawed
包简介
A composer wrapper for the htmLawed library to purify & filter HTML. Tested with PHPUnit and PhantomJS!
README 文档
README
A composer wrapper for the htmLawed library to purify & filter HTML. Tested with PHPUnit and PhantomJS.
Why use htmLawed?
If your website has any user-generated content then you need to worry about cross-site scripting (XSS). htmLawed will take a piece of potentially malicious html and remove the malicious code, leaving the rest of html behind.
Beyond the base htmLawed library, this package makes htmLawed a composer package and wraps it in an object so that it can be autoloaded.
Installation
htmLawed requres PHP 5.4 or higher
htmLawed is PSR-4 compliant and can be installed using composer. Just add vanilla/htmlawed to your composer.json.
"require": { "vanilla/htmlawed": "~1.0" }
Example
echo Htmlawed::filter('<h1>Hello world!'); // Outputs: '<h1>Hello world!</h1>'. echo Htmlawed::filter('<i>nothing to see</i><script>alert("xss")</script>') // Outputs: '<i>nothing to see</i>alert("xss")'
Configs and Specs
The htmLawed filter takes two optional parameters: $config and $spec. This library provides sensible defaults to these parameters, but you can override them in Htmlawed::filter().
$xss = "<i>nothing to see <script>alert('xss')</script>"; // Pass an empty config and spec for no filtering of malicious code. echo Htmlawed::filter($xss, [], []); // Outputs: '<i>nothing to see <script type="text/javascript">alert("xss")</script></i>' // Pass safe=1 to turn on all the safe options. echo Htmlawed::filter($xss, ['safe' => 1]); // Outputs: '<i>nothing to see alert("xss")</i>' // We provide a convenience method that strips all tags that aren't supposed to be in rss feeds. echo Htmlawed::filterRSS('<html><body><h1>Hello world!</h1></body></html>'); // Outputs: '<h1>Hello world!</h1>'
See the htmLawed documentation for the full list of options.
Differences in Vanilla's version of Htmlawed
We try and use the most recent version of htmLawed with as few changes as possible so that bug fixes and security releases can be merged from the main project. However, We've made a few changes in the source code.
- Balance tags (hl_bal) before validating tags (hl_tag). We found some cases where an unbalanced script tag would not get removed and this addresses that issue.
- Don't add an extra
<div>inside of<blockquote>tags. - Remove naked
<span>. - Change indentation from 1 space to 4 spaces.
If the original author of htmLawed wants to make any of these changes upstream please get in contact with support@vanillaforums.com.
vanilla/htmlawed 适用场景与选型建议
vanilla/htmlawed 是一款 基于 HTML 开发的 Composer 扩展包,目前已累计 642.97k 次下载、GitHub Stars 达 40, 最近一次更新时间为 2014 年 07 月 16 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 vanilla/htmlawed 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 vanilla/htmlawed 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 642.97k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 42
- 点击次数: 27
- 依赖项目数: 6
- 推荐数: 0
其他信息
- 授权协议: LGPL-3.0
- 更新时间: 2014-07-16