purifier XSS 过滤器如何添加 video 白名单呢

2018-08-20 22:12:20 +08:00
 yangajiujiuwob
php 小白,折腾大半天也没搞定,sos

<?php
/**
* Ok, glad you are here
* first we get a config instance, and set the settings
* $config = HTMLPurifier_Config::createDefault();
* $config->set('Core.Encoding', $this->config->get('purifier.encoding'));
* $config->set('Cache.SerializerPath', $this->config->get('purifier.cachePath'));
* if ( ! $this->config->get('purifier.finalize')) {
* $config->autoFinalize = false;
* }
* $config->loadArray($this->getConfig());
*
* You must NOT delete the default settings
* anything in settings should be compacted with params that needed to instance HTMLPurifier_Config.
*
* @link http://htmlpurifier.org/live/configdoc/plain.html
*/

return [

'encoding' => 'UTF-8',
'finalize' => true,
'cachePath' => storage_path('app/purifier'),
'settings' => [
'default' => [
'HTML.Doctype' => 'XHTML 1.0 Transitional',
'HTML.Allowed' => 'div,b,font[color|style],strong,i,em,pre,a[href|title|target],ul,ol,li,p[style],br,span[style],img[width|height|alt|src|style|class],table[class|width],td,tr,blockquote,h1,h2,h3,h4,h4,h5,video[width|height|alt|src|style|class]',
'CSS.AllowedProperties' => 'font,font-size,width,height,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align',
'Attr.AllowedFrameTargets' =>'_blank',
'AutoFormat.AutoParagraph' => true,
'AutoFormat.RemoveEmpty' => true,
],
'test' => [
'Attr.EnableID' => true
],
"youtube" => [
"HTML.SafeIframe" => 'true',
"URI.SafeIframeRegexp" => "%^( http://|https://|//)(www.youtube.com/embed/|player.vimeo.com/video/)%",
],
],

];
1131 次点击
所在节点    问与答
2 条回复
yangajiujiuwob
2018-08-20 22:58:44 +08:00
0 回复惨案...
yangajiujiuwob
2018-08-21 09:44:37 +08:00
悲剧啊,居然 0 回复,偌大个 V2EX 竟然没有人知道么

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/481613

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX