1. Create the middleware

php artisan make:middleware XSSClean

2. Edit app/Http/Middleware/XSSClean.php

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class XSSClean
{
    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
     */
    public function handle(Request $request, Closure $next)
    {
        // return $next($request);

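        // Clean the query string and the request body separately, so each
        // parameter bag is replaced with its own sanitized values.
        $query = $request->query->all();
        $req = $request->request->all();
        // $all = $request->all();

        array_walk_recursive($query, function (&$params) {
            // $params = htmlspecialchars($params);
            // Only strings can carry markup; leave null/int/bool values alone
            // (passing null to strip_tags() is deprecated since PHP 8.1).
            if (is_string($params)) {
                $params = strip_tags($params);
            }
        });

        $request->query->replace($query);
        // $request->merge($query);

        array_walk_recursive($req, function (&$params) {
            // $params = htmlspecialchars($params);
            if (is_string($params)) {
                $params = strip_tags($params);
            }
        });
        $request->request->replace($req);
        // $request->merge($req);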

        return $next($request);
    }
}

3. Register the middleware in app/Http/Kernel.php

    protected $middleware = [
        // ...
        \App\Http\Middleware\XSSClean::class, // add the XSS-cleaning middleware
        // ...
    ];
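
Added example (not part of the original post): strip_tags() only removes tags, so a value that contains no tags passes through the middleware unchanged and still has to be encoded where it is written into HTML. The script applies the same filtering to constructed input, renders one value into an attribute with and without htmlspecialchars() (which is what Blade's {{ }} applies), and uses DOMDocument to check whether an extra attribute appeared. The function names and sample values are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. All input values are constructed.

// Same filtering as the XSSClean middleware: strip_tags() on every string leaf.
function stripTagsRecursive(array $input): array
{
    array_walk_recursive($input, function (&$value) {
        if (is_string($value)) {
            $value = strip_tags($value);
        }
    });
    return $input;
}

// Output encoding as done by Blade's {{ }} (htmlspecialchars with ENT_QUOTES).
function encodeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Parse a rendered <input> and report whether an unexpected attribute is present.
function hasExtraAttribute(string $html, string $attribute): bool
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input !== null && $input->hasAttribute($attribute);
}

$input = [
    'bio'  => 'Hello <b>world</b>',           // contains a tag
    'name' => 'x" data-injected="1',          // no tags, but contains a double quote
    'tags' => ['<i>php</i>', 'laravel'],      // nested array
    'age'  => 30,                             // non-string value
];

$clean = stripTagsRecursive($input);

$rawHtml     = '<input value="' . $clean['name'] . '">';
$encodedHtml = '<input value="' . encodeForHtml($clean['name']) . '">';

echo 'name changed by strip_tags: ', var_export($clean['name'] !== $input['name'], true), PHP_EOL;
echo 'extra attribute, raw output: ', var_export(hasExtraAttribute($rawHtml, 'data-injected'), true), PHP_EOL;
echo 'extra attribute, encoded output: ', var_export(hasExtraAttribute($encodedHtml, 'data-injected'), true), PHP_EOL;
```

In Blade templates this means keeping {{ $value }} for output and reserving {!! !!} for markup that has already been through an HTML sanitizer such as mews/purifier.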

Alternative approach:

composer require mews/purifier

