1、创建中间件
- php artisan make:middleware XSSClean
- <?php
- namespace App\Http\Middleware;
- use Closure;
- use Illuminate\Http\Request;
- class XSSClean
- {
- /**
- * Handle an incoming request.
- *
- * @param \Illuminate\Http\Request $request
- * @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
- * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
- */
- public function handle(Request $request, Closure $next)
- {
- // return $next($request);
- $query = $request->query->all();
- $req = $request->request->all();
- // $all = $request->all();
- array_walk_recursive($query, function (&$params) {
- // $params = htmlspecialchars($params);
- $params = strip_tags($params);
- });
- $request->query->replace($query);
- // $request->merge($query);
- array_walk_recursive($req, function (&$params) {
- // $params = htmlspecialchars($params);
- $params = strip_tags($params);
- });
- $request->request->replace($req);
- // $request->merge($req);
- return $next($request);
- }
- }
- protected $middleware = [
- // ...
- XSSClean::class, // 增加xss处理中间件
- // ...
- ];
其他方案:
- composer require mews/purifier
参考:
laravel8 实现XSS防备处理方案_laravel防止转义xss-CSDN博客
360通用php防护代码(利用操作详解)_php编程-跟版网
https://www.cnblogs.com/bingtang123/p/12844659.html
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。 |
