Composer
首页 包列表 提交包 常见问题 关于

medilies/xssless 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

medilies/xssless

最新稳定版本:v0.4.0

Composer 安装命令:

composer require medilies/xssless

包简介

Clean your rich text from XSS threats.

关键字:

# filter # html # laravel # xss # sanitizer # Purifier # safe # cleaner # prevent

README 文档

README

Latest Version on Packagist pest phpstan

workflow

Why use Xssless

  • Your application features a Rich Text Editor and you want to prevent all XSS.
  • You want full HTML5 & CSS3 support.
  • You want to allow all safe HTML elements, their attributes, and CSS properties without going deep into whitelist configs.

The default driver aligns with OWASP recommendations:

... OWASP recommends DOMPurify for HTML Sanitization.

Requirements

  • PHP >= 8.2
  • ext-json
  • Node >= 18
  • NPM

Installation

Install the package via composer:

composer require medilies/xssless

For non Laravel projects, pick a config and run the following code:

$config = new Medilies\Xssless\Dompurify\DompurifyCliConfig('node', 'npm');

(new Medilies\Xssless\Xssless)
    ->using($config)
    ->setup();

For Laravel projects, run the following command:

php artisan xssless:setup

Usage

Using Medilies\Xssless\Dompurify\DompurifyCliConfig:

(new Medilies\Xssless\Xssless)
    ->using(new Medilies\Xssless\Dompurify\DompurifyCliConfig)
    ->clean($html);

Using Medilies\Xssless\Dompurify\DompurifyServiceConfig:

$config = new Medilies\Xssless\Dompurify\DompurifyServiceConfig(
    host: '127.0.0.1', 
    port: 63000
);

$xssless = (new Medilies\Xssless\Xssless)
    ->using($config);

/**
 * It is better to have this part in a separate script
 * that runs continuously and independently from your app 
 */
$xssless->start();

$xssless->clean($html);

Laravel usage

You can publish the config file with:

php artisan vendor:publish --tag="xssless-config"

This is the contents of the published config file:

return [
    'default' => 'dompurify-cli',

    'drivers' => [
        'dompurify-cli' => new DompurifyCliConfig(
            node: env('NODE_PATH', 'node'), // @phpstan-ignore argument.type
            npm: env('NPM_PATH', 'npm'), // @phpstan-ignore argument.type
            binary: null,
            tempFolder: null,
        ),
        
        'dompurify-service' => new DompurifyServiceConfig(
            node: env('NODE_PATH', 'node'), // @phpstan-ignore argument.type
            npm: env('NPM_PATH', 'npm'), // @phpstan-ignore argument.type
            host: '127.0.0.1',
            port: 63000,
            binary: null,
        ),
    ],
];

Run the following command (Not required by all drivers):

php artisan xssless:start

Use the facade:

Medilies\Xssless\Laravel\Facades\Xssless::clean($html);

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.

统计信息

  • 总下载量: 26
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 28
  • 点击次数: 0
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 28
  • Watchers: 3
  • Forks: 0
  • 开发语言: PHP
访问仓库

其他信息

  • 授权协议: MIT
  • 更新时间: 2024-08-07