lincanbin/white-html-filter

Latest stable version: v1.4

Composer install command:

composer require lincanbin/white-html-filter

Package description

A lightweight php-based HTML tag and attribute whitelist filter.

README

A php-based HTML tag and attribute whitelist filter.

XSS filtering based on regular expressions or textual replacement is not safe. This filter uses DOMDocument, which is based on The Tokenization Algorithm and is more secure.

Requirements

  • PHP version 5.3.0 or higher.

Installation

Install this package via Composer.

composer require lincanbin/white-html-filter

Or edit your project's composer.json to require lincanbin/white-html-filter and then run composer update.

"require": {
    "lincanbin/white-html-filter": "~1.3"
}

Usage

Basic Usage

Note: Composer's autoloader must be included first (require 'vendor/autoload.php';).

Instantiate WhiteHTMLFilter object

use lincanbin\WhiteHTMLFilter;

$html = <<<html
<iframe></iframe>
<div class="contain">
	<span style="color: #f00;">
		test中文
	</span>
</div>
<div class="contain" data-src="xxx" onclick="javascript:alert('xxx');">
	<audio controls = "play">
	  <source src="horse.ogg" type="audio/ogg">
	  <source src="horse.mp3" type="audio/mpeg">
	  Your browser does not support the audio element.
	</audio>
</div>
<div class="contain">
	<span style="color: #f00;" class="aabc">test</span>
</div>
<IMG SRC=javascript:alert('XSS')>
html;

$filter = new WhiteHTMLFilter();
$filter->loadHTML($html);
$filter->clean();
var_dump($filter->outputHtml());

Configuration

  • Remove allowed tags

use lincanbin\WhiteHTMLFilter;
$filter = new WhiteHTMLFilter();
$filter->config->removeAllAllowTag();
//Or
$filter->config->removeFromTagWhiteList('div');
$filter->config->removeFromTagWhiteList(array("div", "table"));

  • Add new allowed tags

use lincanbin\WhiteHTMLFilter;
$filter = new WhiteHTMLFilter();
$filter->config->removeAllAllowTag();
$filter->config->modifyTagWhiteList(array(
    "img" => array("alt", "src", "height", "width"),
    "a" => array("href", "rel", "target", "download", "type")
));

  • Modify allowed HTML global attributes

use lincanbin\WhiteHTMLFilter;
$filter = new WhiteHTMLFilter();
$filter->config->WhiteListHtmlGlobalAttributes = array(
    "class", "style", "title", "data-*"
);

  • Modify allowed css style (Leave blank to allow everything)

use lincanbin\WhiteHTMLFilter;
$filter = new WhiteHTMLFilter();
$filter->config->WhiteListStyle = array(
    "color", "border", "background", "position"
);

  • Modify allowed css class (Leave blank to allow everything)

use lincanbin\WhiteHTMLFilter;
$filter = new WhiteHTMLFilter();
$filter->config->WhiteListCssClass = array(
    "container", "title", "sub-title", "sider-bar"
);

Use Custom Attribute Value Filter

use lincanbin\WhiteHTMLFilter;

$html = <<<html
<iframe width="560" height="315" src="https://www.youtube.com/embed/lBOwxXxesBo" frameborder="0" allowfullscreen>
</iframe>
<iframe width="560" height="315" src="https://www.94cb.com/" frameborder="0" allowfullscreen></iframe>
html;
$filter = new WhiteHTMLFilter();
$urlFilter = function($url) {
    $regex = '~
  ^(?:https?://)?                           # Optional protocol
   (?:www[.])?                              # Optional sub-domain
   (?:youtube[.]com/embed/|youtu[.]be/) # Mandatory domain name (w/ query string in .com)
   ([^&]{11})                               # Video id of 11 characters as capture group 1
    ~x';
    return (preg_match($regex, $url) === 1) ? $url : '';
};

$iframeRule = array(
    'iframe' => array(
        'src' => $urlFilter,
        'width',
        'height',
        'frameborder',
        'allowfullscreen'
    )
);

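// Register the iframe rule so the src callback is applied during clean().
$filter->config->modifyTagWhiteList($iframeRule);
$filter->loadHTML($html);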
$filter->clean();
var_dump($filter->outputHtml());

Result:

<iframe width="560" height="315" src="https://www.youtube.com/embed/lBOwxXxesBo" frameborder="0" allowfullscreen=""></iframe>
<iframe width="560" height="315" src="" frameborder="0" allowfullscreen=""></iframe>
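A stricter variant of the src callback above, as an added example that is not part of the project's README. It assumes the same callback convention the page shows (return the value to keep, or '' to blank the attribute) and rebuilds the URL from validated parse_url() components instead of returning the input; the host list and sample HTML are constructed for illustration.

```php
<?php
require 'vendor/autoload.php';

use lincanbin\WhiteHTMLFilter;

// Hosts allowed to be embedded (list constructed for this example).
$allowedHosts = array('www.youtube.com', 'www.youtube-nocookie.com');

// Attribute value filter: returns a rebuilt canonical URL, or '' to blank it.
$embedFilter = function ($url) use ($allowedHosts) {
    $parts = parse_url(trim($url));
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return ''; // relative, scheme-less or malformed URL
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return ''; // only https is accepted
    }
    if (isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return ''; // no credentials or alternate ports
    }
    $host = strtolower($parts['host']);
    if (!in_array($host, $allowedHosts, true)) {
        return ''; // exact match only, so look-alike hosts fail
    }
    // \A and \z anchor both ends; nothing may follow the 11-character id.
    if (preg_match('~\A/embed/[A-Za-z0-9_-]{11}\z~', $parts['path']) !== 1) {
        return '';
    }
    // Emit only validated components; query string and fragment are dropped.
    return 'https://' . $host . $parts['path'];
};

// Constructed sample input: one valid embed and three that must be blanked.
$html = <<<html
<iframe src="https://www.youtube.com/embed/lBOwxXxesBo?rel=0"></iframe>
<iframe src="http://www.youtube.com/embed/lBOwxXxesBo"></iframe>
<iframe src="https://www.youtube.com.example.net/embed/lBOwxXxesBo"></iframe>
<iframe src="https://www.youtube.com/embed/lBOwxXxesBo/../../x"></iframe>
html;

$filter = new WhiteHTMLFilter();
$filter->config->modifyTagWhiteList(array(
    'iframe' => array('src' => $embedFilter, 'width', 'height', 'frameborder', 'allowfullscreen')
));
$filter->loadHTML($html);
$filter->clean();
echo $filter->outputHtml();
```

Because the callback returns a URL assembled from the checked scheme, host and path, the emitted src does not depend on parse_url() and the browser agreeing on how the original string splits.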

Default Filter Configuration

License

Copyright 2017 Canbin Lin (lincanbin@hotmail.com)

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

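Statistics

  • Total downloads: 14.82k
  • Monthly downloads: 0
  • Daily downloads: 0
  • Favorites: 12
  • Clicks: 1
  • Dependent projects: 1
  • Recommendations: 0

GitHub information

  • Stars: 11
  • Watchers: 1
  • Forks: 2
  • Language: PHP

Other information

  • License: Apache-2.0
  • Last updated: 2017-07-18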