| @@ -33,10 +33,10 @@ if (!function_exists('HtmlReplace')) { | |||||
| static $purifier = null; | static $purifier = null; | ||||
| $config = HTMLPurifier_Config::createDefault(); | $config = HTMLPurifier_Config::createDefault(); | ||||
| $config->set('HTML.Allowed', ''); //只保留文本 | $config->set('HTML.Allowed', ''); //只保留文本 | ||||
| $config->set('Cache.SerializerPath', DEDEDATA.'/cache'); | |||||
| $config->set('Core.Encoding', 'UTF-8'); | |||||
| $config->set('HTML.Allowed', ''); | |||||
| if ($purifier === null) { | if ($purifier === null) { | ||||
| $config->set('Cache.SerializerPath', DEDEDATA.'/cache'); | |||||
| $config->set('Core.Encoding', 'UTF-8'); | |||||
| $config->set('HTML.Allowed', ''); | |||||
| $purifier = new HTMLPurifier($config); | $purifier = new HTMLPurifier($config); | ||||
| } | } | ||||
| // 处理不同模式 | // 处理不同模式 | ||||
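Review bot: On the new side (taking L9–L11 as the added lines) `HTML.Allowed` is set to `''` twice — once at L4 before the guard and again at L11 inside it — and `HTMLPurifier_Config::createDefault()` at L3 still runs on every call even though `$config` is only consumed when `$purifier` is first built at L12, assuming nothing between this hunk and the next still reads it. Moving L3–L4 inside the `if` and deleting the duplicate at L11 leaves one config per process and makes it obvious that the text-only purifier is fixed after construction. HtmlReplace's signature precedes this hunk.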
| @@ -53,8 +53,12 @@ if (!function_exists('HtmlReplace')) { | |||||
| $str = preg_replace("/\s+/", '', $str); | $str = preg_replace("/\s+/", '', $str); | ||||
| } else { | } else { | ||||
| //仅替换网页危险标记 | //仅替换网页危险标记 | ||||
| $config->set('HTML.ForbiddenElements', ['script', 'iframe', 'object', 'embed', 'form', 'input', 'button', 'textarea', 'select', 'meta', 'link']); | |||||
| $str = $purifier->purify($str); | |||||
| $configNew = HTMLPurifier_Config::createDefault(); | |||||
| $configNew->set('Cache.SerializerPath', DEDEDATA.'/cache'); | |||||
| $configNew->set('HTML.Allowed', 'p,b,strong,i,em,u,a[href|title],ul,ol,li,img[src|alt|width|height|style],video[src|alt|width|height|style],br,span[class]'); | |||||
| $configNew->set('HTML.ForbiddenElements', ['script', 'iframe', 'object', 'embed', 'form', 'input', 'button', 'textarea', 'select', 'meta', 'link']); | |||||
| $purifierNew = new HTMLPurifier($configNew); | |||||
| $str = $purifierNew->purify($str); | |||||
| } | } | ||||
| return addslashes($str); | return addslashes($str); | ||||
| } | } | ||||
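Review bot: The new `$configNew` (L23–L24) admits a `style` attribute on `img` and `video` but, unlike RemoveXSS in the same file, never restricts `CSS.AllowedProperties`, so every CSS property HTMLPurifier permits by default becomes available to user content in the "dangerous tags only" mode. HTMLPurifier does reject `expression()` and script URIs, but an unrestricted inline style still lets a post resize or reposition elements over site chrome; either drop `|style` or add `$configNew->set('CSS.AllowedProperties', ['width', 'height', 'max-width']);` (adjust to what the editor actually emits). Two smaller points: `HTML.ForbiddenElements` is redundant once `HTML.Allowed` is a whitelist that never includes those elements, and `video` is not part of HTMLPurifier's stock HTML definition, so unless the bundled copy registers an HTML5 definition the element is dropped with a "not supported" notice — worth confirming with a fixture. Building a new HTMLPurifier on every call also discards the benefit of the `static $purifier`; a second `static $purifierNew` initialised once would keep the fast path. The enclosing HtmlReplace body begins before this hunk.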
| @@ -71,14 +75,13 @@ if (!function_exists('RemoveXSS')) { | |||||
| static $purifier = null; | static $purifier = null; | ||||
| if ($purifier === null) { | if ($purifier === null) { | ||||
| $config = HTMLPurifier_Config::createDefault(); | $config = HTMLPurifier_Config::createDefault(); | ||||
| $config->set('Core.Encoding', 'UTF-8'); | |||||
| //启用缓存(提升性能) | //启用缓存(提升性能) | ||||
| $config->set('Cache.SerializerPath', DEDEDATA.'/cache'); //生产环境建议设定缓存目录 | $config->set('Cache.SerializerPath', DEDEDATA.'/cache'); //生产环境建议设定缓存目录 | ||||
| //允许的网页元素(可以根据需要调整) | //允许的网页元素(可以根据需要调整) | ||||
| $config->set('HTML.Allowed', 'p,b,strong,i,em,u,a[href|title],ul,ol,li,img[src|alt|width|height],br,span[class]'); | |||||
| $config->set('HTML.Allowed', 'p,b,strong,i,em,u,a[href|title],ul,ol,li,img[src|alt|width|height|style],video[src|alt|width|height|style],br,span[class]'); | |||||
| //过滤JavaScript、CSS注入 | //过滤JavaScript、CSS注入 | ||||
| $config->set('CSS.AllowedProperties', []); | $config->set('CSS.AllowedProperties', []); | ||||
| $config->set('URI.DisableExternalResources', true); | |||||
| $config->set('URI.DisableResources', true); | |||||
| $purifier = new HTMLPurifier($config); | $purifier = new HTMLPurifier($config); | ||||
| } | } | ||||
| return $purifier->purify($val); | return $purifier->purify($val); | ||||
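Review bot: Adding `|style` to `img` and `video` at L39 has no effect in RemoveXSS because L41 still sets `CSS.AllowedProperties` to `[]`, which leaves no valid declaration and HTMLPurifier drops the attribute, so the allowlist now advertises a capability it does not grant. Either remove `|style` again or pair it with an explicit list such as `$config->set('CSS.AllowedProperties', ['width', 'height', 'max-width']);` — keep the list tight, since this purifier is the generic XSS filter. The hunk's line counts suggest `URI.DisableExternalResources`/`URI.DisableResources` (L42–L43) are the lines being removed; if so, `img src` may now reference any host, which is not script injection (HTMLPurifier's default `URI.AllowedSchemes` excludes `javascript:`) but does permit tracking pixels and mixed-content loads, so keeping `URI.DisableExternalResources` deserves a deliberate decision. As in HtmlReplace, `video` is not in HTMLPurifier's built-in HTML definition and will be stripped unless an HTML5 definition is registered — confirm with a fixture. RemoveXSS's signature is above this hunk.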