这里我使用是htmlpurifier-html5因为支持html5标签
composer require xemlock/htmlpurifier-html5
/* 过滤xss函数 */
public static function clearXSS($string){
$config = \HTMLPurifier_HTML5Config::createDefault();
$config->set('URI.AllowedSchemes', array (
'http' => true,
'https' => true,
'mailto' => true,
'ftp' => true,
'nntp' => true,
'news' => true,
'tel' => true,
// 重点在这里让它支持data开头协议
'data' => true
));
$purifier = new \HTMLPurifier($config);
return $purifier->purify($string);
}
相关文章