How to prevent XSS attacks when Laravel uses {!!content!!}?
習慣沉默 2017-05-16 16:48:38

Generally, use {{$article->title}}.
But sometimes the content has formatting, so you need this:
{!!$article->body !!}
But this will lead to XSS attacks. How can this be handled to prevent XSS attacks?

reply all(1)
黄舟

It is recommended to use Purifier to filter, and you can configure filtering rules.

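<?php
// Purifier configuration: each entry under 'settings' is a named filtering profile.
return [
    'encoding'  => 'UTF-8',
    'finalize'  => true,
    'preload'   => false,
    'cachePath' => null,
    'settings'  => [
        // Profile used when clean() is called without a profile name.
        'default' => [
            'HTML.Doctype'             => 'XHTML 1.0 Strict',
            // Allowlist of elements and, in brackets, the attributes each may carry.
            'HTML.Allowed'             => 'p,b,strong,i,em,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src]',
            // Only these CSS properties survive inside an allowed style attribute.
            'CSS.AllowedProperties'    => 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align',
            'AutoFormat.AutoParagraph' => true,
            'AutoFormat.RemoveEmpty'   => true
        ],
        'test' => [
            'Attr.EnableID' => true
        ],
        // Profile that additionally permits iframes from the listed video hosts.
        "youtube" => [
            "HTML.SafeIframe" => 'true',
            // Dots are escaped so they match only a literal "." in the host name.
            "URI.SafeIframeRegexp" => "%^(http://|https://|//)(www\.youtube\.com/embed/|player\.vimeo\.com/video/)%",
        ],
    ],
];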

How to use

{!! clean($article->body) !!}
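
A way to check that the 'default' allowlist above strips what it should, as an added example that is not part of the original answer. It assumes the HTML Purifier library (ezyang/htmlpurifier, taken here to be the filter behind clean()) is installed with Composer; the function names and sample inputs are constructed for illustration.

```php
<?php
// Added example: regression check for the 'default' profile quoted above.
// Assumption: ezyang/htmlpurifier is installed via Composer in this directory.
require __DIR__ . '/vendor/autoload.php';

function makePurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Cache.DefinitionImpl', null); // no on-disk cache for a one-off check
    $config->set('HTML.Doctype', 'XHTML 1.0 Strict');
    $config->set('HTML.Allowed', 'p,b,strong,i,em,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src]');
    $config->set('CSS.AllowedProperties', 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align');
    return new HTMLPurifier($config);
}

// Returns one message per input whose forbidden substring survived purification.
function checkCases(HTMLPurifier $purifier, array $cases): array
{
    $failures = [];
    foreach ($cases as $dirty => $forbidden) {
        $clean = $purifier->purify($dirty);
        if (stripos($clean, $forbidden) !== false) {
            $failures[] = "'$forbidden' survived in: $clean";
        }
    }
    return $failures;
}

// Constructed sample inputs: dirty markup => substring that must NOT survive.
$cases = [
    '<p>Hello <script>alert(1)</script>world</p>'   => '<script',     // element not in allowlist
    '<img src="/a.png" alt="a" onerror="alert(1)">' => 'onerror',     // attribute not in allowlist
    '<a href="javascript:alert(1)">link</a>'        => 'javascript:', // URI scheme not permitted
    '<p style="color:red;position:fixed">text</p>'  => 'position',    // CSS property not in allowlist
    '<iframe src="https://example.test/"></iframe>' => '<iframe',     // iframes only exist in the 'youtube' profile
];

$purifier = makePurifier();
$failures = checkCases($purifier, $cases);

// Formatting the profile allows must still pass through untouched.
$kept = $purifier->purify('<p><strong>bold</strong> and <em>italic</em></p>');
if (strpos($kept, '<strong>bold</strong>') === false) {
    $failures[] = "allowed markup was stripped: $kept";
}

echo $failures ? implode(PHP_EOL, $failures) . PHP_EOL : 'all checks passed' . PHP_EOL;
exit($failures ? 1 : 0);
```

Re-run the check whenever HTML.Allowed or CSS.AllowedProperties is widened, since every addition to the allowlist is output that {!! !!} will render unescaped.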