2015
01-27
01-27
Yii框架中使用CHtmlPurifier过滤文本内容防止XSS攻击
1、在控制器中使用:publicfunctionactionCreate(){$model=newNews;$purifier=newCHtmlPurifier();$purifier->options=array('URI.AllowedSchemes'=>array('http'=>true,'https'=>true,),'HTML.Allowed'=>'div',);if(isset($_POST['News'])){$model->attributes=$_POST['News'];$model->attributes['content']=$purifier...
继续阅读 >