htmlpurifier下载地址: http://htmlpurifier.org/
purifier（HTMLPurifier 的 Laravel 封装）下载地址: https://github.com/mewebstudio/Purifier
<?php
/**
* Rich-text editor input: XSS filtering example.
* HTML Purifier is used to filter dangerous tags out of submitted HTML.
* VERSION: '4.11.0'
* url: http://htmlpurifier.org/
*/
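// Load the library relative to this file instead of the process working
// directory, so the same copy is included however the script is invoked
// (web server, CLI, or included from a script in another directory).
require_once dirname(__FILE__) . '/htmlpurifier/library/HTMLPurifier.auto.php';
require_once dirname(__FILE__) . '/htmlpurifier/library/HTMLPurifier.func.php';

/**
 * Sample untrusted markup to sanitise: plain text, an ordinary link and an
 * inline <script> element.
 */
$dirty_html = "123456789<a href='http://www.baidu.com'>asdfgh</a><script>'abc' ; alter('abc');</script>";

// Object API: build the default configuration, create a purifier, run it.
// The default configuration allows HTML Purifier's standard element set; if the
// editor only needs a few tags, narrow it with the HTML.Allowed directive.
$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);
$clean_html = $purifier->purify($dirty_html);
// var_dump($clean_html);exit; // original note recorded: 123456789asdfgh
// NOTE(review): the <script> element is dropped, but the default configuration
// normally keeps a plain http link, so the recorded value may be the rendered
// text rather than the raw markup - confirm against an actual run.

/**
 * Fiddler capture (Raw view) of a request carrying a script payload in
 * URL-encoded form:
 * content=123456789%3cscript%3ealter(%27abc%27)%3b%3c%2fscript%3e
 */
// Function API: HTMLPurifier() is presumably the helper loaded from
// HTMLPurifier.func.php above; it purifies the same sample again.
$html = HTMLPurifier($dirty_html);
// The purified value is meant for an HTML body context. If it is ever placed in
// an attribute, a script block or a URL, escape it for that context as well.
echo $html;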
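/**
 * XSS filtering wrapper: sanitise an HTML fragment with HTML Purifier.
 *
 * The library is loaded relative to this file (dirname(__FILE__)) so the
 * wrapper does not depend on the caller's working directory.
 *
 * Empty input is purified as-is. The earlier version replaced any falsy value
 * (including the strings "" and "0") with a built-in demo payload, so callers
 * got the purified demo text back instead of their own (empty) content.
 *
 * @param string $html Untrusted HTML fragment, e.g. rich-text editor content.
 * @return string Purified HTML as returned by HTMLPurifier().
 */
function clean($html)
{
    $library = dirname(__FILE__) . '/htmlpurifier/library';
    require_once $library . '/HTMLPurifier.auto.php';
    require_once $library . '/HTMLPurifier.func.php';

    // Cast so that null is treated as an empty fragment rather than being
    // swapped for sample data; the caller's content is never substituted.
    return HTMLPurifier((string) $html);
}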