一个快速的XSS消除PHP库:Stauros
ygp8
9年前
Stauros
一个快速的XSS消除PHP库.
IMPORTANT
THIS IS AN EXPERIMENTAL LIBRARY, USE AT YOUR OWN RISK
How to use it
With the default settings, simply callStauros->scanHTML():
$stauros = new Stauros; $clean = $stauros->scanHTML($dirty);
Easy as that
Working with streams
Stauros supports streaming content as well. You can use a stream as input, getting a string as output:
$clean = $stauros->scanHTMLStreamToString($stream);
Or you can use it as a stream to stream process:
$stauros->scanHTMLStreamToStream($input, $output);
Advanced Usage
The configuration class (Stauros\HTML\Config) allows you to specify html tag whitelists, as well as attribute whitelist and implement an attribute callback for further customization.