php防止xss攻擊,過濾不正常的所有html標籤和腳本

先安裝擴展支持

composer require lincanbin/white-html-filter

然後自己創建一個過濾的類

<?php

namespace xss;

use lincanbin\WhiteHTMLFilter;

/**
 * Thin wrapper around lincanbin\WhiteHTMLFilter that drops every tag and
 * attribute not listed in TAG_WHITELIST from a fragment of user-submitted
 * HTML (for example rich-text editor output).
 */
class xss
{
    /**
     * Allowed tags mapped to their allowed attributes; anything not listed
     * here is removed by the filter.
     *
     * NOTE(review): 'href'/'src' are kept on a, area, img, audio and video, and
     * 'style' on most block and inline tags. Whether the library also rejects
     * unsafe URL schemes or CSS values inside those attributes is not visible
     * in this file — confirm against its documentation before relying on it.
     *
     * @var array<string, list<string>>
     */
    private const TAG_WHITELIST = [
        'a' => ['target', 'href', 'title', 'class', 'style'],
        'abbr' => ['title', 'class', 'style'],
        'address' => ['class', 'style'],
        'area' => ['shape', 'coords', 'href', 'alt'],
        'article' => [],
        'aside' => [],
        'audio' => ['autoplay', 'controls', 'loop', 'preload', 'src', 'class', 'style'],
        'b' => ['class', 'style'],
        'bdi' => ['dir'],
        'bdo' => ['dir'],
        'big' => [],
        'blockquote' => ['cite', 'class', 'style'],
        'br' => [],
        'caption' => ['class', 'style'],
        'center' => [],
        'cite' => [],
        'code' => ['class', 'style'],
        'col' => ['align', 'valign', 'span', 'width', 'class', 'style'],
        'colgroup' => ['align', 'valign', 'span', 'width', 'class', 'style'],
        'dd' => ['class', 'style'],
        'del' => ['datetime'],
        'details' => ['open'],
        'div' => ['class', 'style'],
        'dl' => ['class', 'style'],
        'dt' => ['class', 'style'],
        'em' => ['class', 'style'],
        'font' => ['color', 'size', 'face'],
        'footer' => [],
        'h1' => ['class', 'style'],
        'h2' => ['class', 'style'],
        'h3' => ['class', 'style'],
        'h4' => ['class', 'style'],
        'h5' => ['class', 'style'],
        'h6' => ['class', 'style'],
        'header' => [],
        'hr' => [],
        'i' => ['class', 'style'],
        'img' => ['src', 'alt', 'title', 'width', 'height', 'id', '_src', 'loadingclass', 'class', 'data-latex', 'style'],
        'ins' => ['datetime'],
        'li' => ['class', 'style'],
        'mark' => [],
        'nav' => [],
        'ol' => ['class', 'style'],
        'p' => ['class', 'style'],
        'pre' => ['class', 'style'],
        's' => [],
        'section' => [],
        'small' => [],
        'span' => ['class', 'style'],
        'sub' => ['class', 'style'],
        'sup' => ['class', 'style'],
        'strong' => ['class', 'style'],
        'table' => ['width', 'border', 'align', 'valign', 'class', 'style'],
        'tbody' => ['align', 'valign', 'class', 'style'],
        'td' => ['width', 'rowspan', 'colspan', 'align', 'valign', 'class', 'style'],
        'tfoot' => ['align', 'valign', 'class', 'style'],
        'th' => ['width', 'rowspan', 'colspan', 'align', 'valign', 'class', 'style'],
        'thead' => ['align', 'valign', 'class', 'style'],
        'tr' => ['rowspan', 'align', 'valign', 'class', 'style'],
        'tt' => [],
        'u' => [],
        'text' => [],
        'ul' => ['class', 'style'],
        'video' => ['autoplay', 'controls', 'loop', 'preload', 'src', 'height', 'width', 'class', 'style'],
    ];

    /**
     * Sanitise an HTML fragment against TAG_WHITELIST.
     *
     * @param string $uedata raw HTML as submitted by the client
     * @return mixed whatever WhiteHTMLFilter::outputHtml() returns for the cleaned document
     */
    public function parse($uedata)
    {
        $cleaner = $this->newFilter();
        $cleaner->loadHTML($uedata);
        $cleaner->clean();

        return $cleaner->outputHtml();
    }

    /**
     * Build a filter whose built-in allow-list has been replaced by TAG_WHITELIST.
     */
    private function newFilter(): WhiteHTMLFilter
    {
        $filter = new WhiteHTMLFilter();
        // Clear the library's default allow-list first so only the tags and
        // attributes declared in this class survive cleaning.
        $filter->config->removeAllAllowTag();
        $filter->config->modifyTagWhiteList(self::TAG_WHITELIST);

        return $filter;
    }
}

在需要提交html正文的位置使用它就行了。

查看效果以及示例請到原文地址:原文地址
