|
|
@@ -33,10 +33,10 @@ if (!function_exists('HtmlReplace')) { |
|
|
|
static $purifier = null;
|
|
|
|
$config = HTMLPurifier_Config::createDefault();
|
|
|
|
$config->set('HTML.Allowed', ''); //只保留文本
|
|
|
|
$config->set('Cache.SerializerPath', DEDEDATA.'/cache');
|
|
|
|
$config->set('Core.Encoding', 'UTF-8');
|
|
|
|
$config->set('HTML.Allowed', '');
|
|
|
|
if ($purifier === null) {
|
|
|
|
$config->set('Cache.SerializerPath', DEDEDATA.'/cache');
|
|
|
|
$config->set('Core.Encoding', 'UTF-8');
|
|
|
|
$config->set('HTML.Allowed', '');
|
|
|
|
$purifier = new HTMLPurifier($config);
|
|
|
|
}
|
|
|
|
// 处理不同模式
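Review bot: On the resulting side of this hunk `$config` is created (L12) and `Cache.SerializerPath`, `Core.Encoding` and `HTML.Allowed` are set both outside (L17–L32) and again inside the `if ($purifier === null)` guard (L42–L52), so the config object is rebuilt on every call while the purifier at L57 is constructed only once — the copies outside the guard are dead work, and `HTML.Allowed` is even set twice within each group (L17 and L32). The +/- markers were lost in this chunk, so I cannot tell which of those lines the commit added, but the fix is the same either way: move `$config = HTMLPurifier_Config::createDefault();` and its three `set()` calls inside the `if` and delete the outer duplicates, provided nothing after the guard still reads `$config` (the next hunk builds its own `$configNew`). HtmlReplace's body starts before this hunk and continues after it.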
|
|
|
@@ -53,8 +53,12 @@ if (!function_exists('HtmlReplace')) { |
|
|
|
$str = preg_replace("/\s+/", '', $str);
|
|
|
|
} else {
|
|
|
|
//仅替换网页危险标记
|
|
|
|
$config->set('HTML.ForbiddenElements', ['script', 'iframe', 'object', 'embed', 'form', 'input', 'button', 'textarea', 'select', 'meta', 'link']);
|
|
|
|
$str = $purifier->purify($str);
|
|
|
|
$configNew = HTMLPurifier_Config::createDefault();
|
|
|
|
$configNew->set('Cache.SerializerPath', DEDEDATA.'/cache');
|
|
|
|
$configNew->set('HTML.Allowed', 'p,b,strong,i,em,u,a[href|title],ul,ol,li,img[src|alt|width|height|style],video[src|alt|width|height|style],br,span[class]');
|
|
|
|
$configNew->set('HTML.ForbiddenElements', ['script', 'iframe', 'object', 'embed', 'form', 'input', 'button', 'textarea', 'select', 'meta', 'link']);
|
|
|
|
$purifierNew = new HTMLPurifier($configNew);
|
|
|
|
$str = $purifierNew->purify($str);
|
|
|
|
}
|
|
|
|
return addslashes($str);
|
|
|
|
}
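Review bot: The allow-list purifier built at L100–L120 omits the restrictions RemoveXSS applies further down in this file (`CSS.AllowedProperties`, `URI.DisableExternalResources`, `URI.DisableResources`, L198–L208), so in this branch `a[href]`, `img[src]`, `video[src]` and the newly permitted `style` attributes can reference external hosts and carry whatever inline CSS HTMLPurifier's default property set accepts; if that asymmetry is intended it deserves a comment, otherwise copy those three `set()` calls onto `$configNew`. The `HTML.ForbiddenElements` line at L115 is redundant once `HTML.Allowed` is an explicit whitelist. `$configNew`/`$purifierNew` are also rebuilt on every call, which is the cost the `static $purifier` above exists to avoid; wrap L100–L120 in `static $purifierNew = null; if ($purifierNew === null) { … }`. The enclosing function starts before this hunk.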
|
|
|
@@ -71,14 +75,13 @@ if (!function_exists('RemoveXSS')) { |
|
|
|
static $purifier = null;
|
|
|
|
if ($purifier === null) {
|
|
|
|
$config = HTMLPurifier_Config::createDefault();
|
|
|
|
$config->set('Core.Encoding', 'UTF-8');
|
|
|
|
//启用缓存(提升性能)
|
|
|
|
$config->set('Cache.SerializerPath', DEDEDATA.'/cache'); //生产环境建议设定缓存目录
|
|
|
|
//允许的网页元素(可以根据需要调整)
|
|
|
|
$config->set('HTML.Allowed', 'p,b,strong,i,em,u,a[href|title],ul,ol,li,img[src|alt|width|height],br,span[class]');
|
|
|
|
$config->set('HTML.Allowed', 'p,b,strong,i,em,u,a[href|title],ul,ol,li,img[src|alt|width|height|style],video[src|alt|width|height|style],br,span[class]');
|
|
|
|
//过滤JavaScript、CSS注入
|
|
|
|
$config->set('CSS.AllowedProperties', []);
|
|
|
|
$config->set('URI.DisableExternalResources', true);
|
|
|
|
$config->set('URI.DisableResources', true);
|
|
|
|
$purifier = new HTMLPurifier($config);
|
|
|
|
}
|
|
|
|
return $purifier->purify($val);
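Review bot: The new allow-list on L188 names `video`, which the default HTMLPurifier HTML definition does not provide, so unless the project registers it through a custom definition (`HTML.DefinitionID` plus `addElement`), HTMLPurifier raises `E_USER_WARNING: Element 'video' is not supported` while building the definition and drops the element. The `style` additions on `img`/`video` are likewise inert if `$config->set('CSS.AllowedProperties', []);` on L198 survives on the new side, because an empty property list leaves every `style` attribute empty and it is removed — the +/- markers are lost in this chunk, so I cannot confirm which lines remain. Either register `video` and choose the CSS properties to permit, or trim the list back and record the reason in the comment at L178, e.g. `// allowed elements; video and style only take effect with a custom definition and a non-empty CSS.AllowedProperties`. If `URI.DisableExternalResources`/`URI.DisableResources` (L203/L208) are retained, keep them — they are what stops `img[src]`/`video[src]` from pulling remote resources.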
|
|
|
|