
mikemix/zf2htmlpurifier

Latest stable version: 1.0.1

Composer install command:

composer require mikemix/zf2htmlpurifier

Package summary

HTMLPurifier as ZF2 Filter

README documentation

HTML Purifier as ZF2 filter. Protect yourself from XSS attacks with two simple steps.

Install

Install with Composer by requiring "mikemix/zf2htmlpurifier": "~1.0".

Use

Add zf2htmlpurifier\Filter\HTMLPurifierFilter to the form field's filter chain, for example:

<?php
namespace MyApp\Form;

use Zend\Form\Form;
use Zend\InputFilter\InputFilterProviderInterface;

class ExampleForm extends Form implements InputFilterProviderInterface
{
    public function init()
    {
        $this->add([
            'name' => 'field',
        ]);
    }
    
    public function getInputFilterSpecification()
    {
        return array(
            // other elements
            'field' => array(
                'required' => true,
                'filters' => array(
                    array('name' => 'zf2htmlpurifier\Filter\HTMLPurifierFilter'),
                ),
            ),
        );
    }

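}

// or with modern PHP (short arrays and ::class): the same method, replacing the one above.
// The leading backslash matters: inside namespace MyApp\Form an unqualified
// zf2htmlpurifier\... name would resolve to MyApp\Form\zf2htmlpurifier\...

    public function getInputFilterSpecification()
    {
        return [
            // other elements
            'field' => [
                'required' => true,
                'filters' => [
                    ['name' => \zf2htmlpurifier\Filter\HTMLPurifierFilter::class],
                ],
            ],
        ];
    }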

// in controller (ugly code example without Dependency Injection)

$fm = $this->getServiceLocator()->get('FormElementManager');

$form = $fm->get(\MyApp\Form\ExampleForm::class);
$form->setData(['field' => '<a href="#" onclick="javascript:alert(xss)">link</a>']);
$form->isValid(); // the filter chain runs during validation

// getData() returns all filtered values as an array
$data = $form->getData();

// outputs: <a href="#">link</a>
echo $data['field'];

Fine tuning HTMLPurifier

You can pass options to configure the HTMLPurifier library.


// the form

    public function getInputFilterSpecification()
    {
        return [
            // other elements
            'field' => [
                'required' => true,
                'filters' => [
                    ['name' => \zf2htmlpurifier\Filter\HTMLPurifierFilter::class, 'options' => ['config' => [
                        'Cache.SerializerPath' => '/other/path',
                        // placeholder: replace with a real HTMLPurifier directive name
                        'Some.Setting' => 'Setting value',
                    ]]],
                ],
            ],
        ];
    }

Standalone usage

It can also be used as a standalone class:

$purifier = new \zf2htmlpurifier\Filter\HTMLPurifierFilter();

echo $purifier->filter('<a href="#" onclick="javascript:alert(xss)">link</a>');
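
A regression check for the standalone filter above, added here as an example (it is not part of the package's README). It assumes Composer autoloading from vendor/autoload.php; the helper findUnsafeMarkup() and the sample inputs are constructed for this check.

```php
<?php
// Added example: run constructed samples through the filter and fail the
// build if any script-capable markup survives. Assumes Composer autoloading.
require __DIR__ . '/vendor/autoload.php';

use zf2htmlpurifier\Filter\HTMLPurifierFilter;

/** Return a list of unsafe constructs still present in sanitized HTML. */
function findUnsafeMarkup($html)
{
    $problems = [];
    libxml_use_internal_errors(true); // fragments trigger harmless parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    foreach ($doc->getElementsByTagName('*') as $el) {
        if (in_array(strtolower($el->nodeName), ['script', 'iframe', 'object', 'embed'], true)) {
            $problems[] = "element <{$el->nodeName}>";
        }
        foreach ($el->attributes as $attr) {
            $name = strtolower($attr->nodeName);
            if (strpos($name, 'on') === 0) {
                $problems[] = "event handler attribute {$name}";
            }
            // Drop whitespace and control characters before reading the scheme.
            $value = strtolower(preg_replace('/[\s\x00-\x1f]+/', '', $attr->nodeValue));
            if (in_array($name, ['href', 'src'], true)
                && preg_match('/^(javascript|vbscript|data):/', $value)) {
                $problems[] = "disallowed URI scheme in {$name}";
            }
        }
    }
    return $problems;
}

$samples = [ // constructed inputs, not taken from the package
    '<a href="#" onclick="alert(1)">link</a>',
    '<p>text<script>alert(1)</script></p>',
    '<img src="x.png" onerror="alert(1)" alt="x">',
    '<a href="javascript:alert(1)">link</a>',
];

$filter = new HTMLPurifierFilter();
$failed = 0;
foreach ($samples as $i => $input) {
    $problems = findUnsafeMarkup($filter->filter($input));
    $failed += $problems ? 1 : 0;
    echo "sample {$i}: ", $problems ? 'FAIL (' . implode(', ', $problems) . ')' : 'ok', PHP_EOL;
}
exit($failed ? 1 : 0);
```

Re-run it whenever the HTMLPurifier config passed through 'options' changes, since a looser allowlist is the usual way a sanitizer regresses.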

TODO

  • Convert this to a Module and allow defining the default HTMLPurifier config via the configuration files

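Statistics

  • Total downloads: 6.87k
  • Monthly downloads: 0
  • Daily downloads: 0
  • Favorites: 0
  • Clicks: 0
  • Dependent projects: 0
  • Recommendations: 0

GitHub information

  • Stars: 0
  • Watchers: 1
  • Forks: 0
  • Language: PHP

Other information

  • License: MIT
  • Updated: 2015-01-27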