1,324   Laravel PHP XSS

Laravel5 防范XSS主要在输出时进行转义,也可以通过第三方package进行输入过滤

1,通过{{ }}在输出前转义

Hello, {{ $name }}.

官网解释

Blade {{ }} statements are automatically sent through PHP’s htmlentities function to prevent XSS attacks.

 

2,通过第三方package:mews/purifier,在输入前过滤

Purifier::clean(Input::get('inputname'));



Leave a Reply

Your email address will not be published. Required fields are marked *