afuafuyo / html-filter-php
A lib for filter html and attributes
v2.0
2021-05-21 11:48 UTC
Requires
- php: >=5.4.0
README
filter html and attributes for php to prevent XSS with a configuration specified by a whitelist
<?php
namespace app\controllers\index;
use Afu\HtmlFilter;
class IndexController extends Controller {
public function run() {
$html = <<<STR
<div class="wrapper">
<h2>这是第一段</h2>
<p style="text-align: center">这是第一段</p>
<blockquote data-role="danger">这是第一段</blockquote>
</div>
STR;
$f = new HtmlFilter();
$f->allowedTags = [
'p' => null, // not support attributes
'div' => ['class' => 1], // support class attribute
'blockquote' => ['data-role' => 1]
];
echo $f->filter($html);
}
}
// output is:
<div class="wrapper">
这是第一段
<p>这是第一段</p>
<blockquote data-role="danger">这是第一段</blockquote>
</div>
change log
2021-04-18 fix pure text filter bug