Stauros是一个用于消除XSS攻击的PHP库,特别提示这是一个实验性的项目,使用需谨慎。它支持HTML内容的扫描和流处理,提供配置选项如标签白名单和自定义属性回调,以实现更高级的定制。通过简单的调用即可实现HTML的清理工作。
Stauros
一个快速的XSS消除PHP库.
IMPORTANT THIS IS AN EXPERIMENTAL LIBRARY, USE AT YOUR OWN RISK
How to use it
With the default settings, simply callStauros->scanHTML(): $stauros = new Stauros;$clean = $stauros->scanHTML($dirty);
Easy as that
Working with streams
Stauros supports streaming content as well. You can use a stream as input, getting a string as output: $clean = $stauros->scanHTMLStreamToString($stream);
Or you can use it as a stream to stream process: $stauros->scanHTMLStreamToStream($input, $output);
Advanced Usage
The configuration class (Stauros\HTML\Config) allows you to specify html tag whitelists, as well as attribute whitelist and implement an attribute callback for further customization.
项目主页:http://www.open-open.com/lib/view/home/1441378271175
本文原创发布php中文网,转载请注明出处,感谢您的尊重!
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
