XSS(跨站点脚本)防御可以说是在站点中必须使用的,如果不使用XSS防御,那么你的站点就极其不安全。XSS过滤器可以从输入值中删除html标记,所以为了安全起见,删除html标记非常重要。在laravel 5.2中,可以通过在项目中使用中间件概念来实现。文章源自菜鸟学院-https://www.cainiaoxueyuan.com/bc/10957.html
文章源自菜鸟学院-https://www.cainiaoxueyuan.com/bc/10957.html
下面我就给大家介绍如何在laravel应用程序中创建XSS过滤中间件。文章源自菜鸟学院-https://www.cainiaoxueyuan.com/bc/10957.html
首先启动以下命令并创建中间件:文章源自菜鸟学院-https://www.cainiaoxueyuan.com/bc/10957.html
创建中间件文章源自菜鸟学院-https://www.cainiaoxueyuan.com/bc/10957.html
php artisan make:middleware XSS
现在,你可以在app/Http/Middleware/中看到新文件,并将下面的代码放入你的文件中。文章源自菜鸟学院-https://www.cainiaoxueyuan.com/bc/10957.html
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
class XSS
{
public function handle(Request $request, Closure $next)
{
$input = $request->all();
array_walk_recursive($input, function(&$input) {
$input = strip_tags($input);
});
$request->merge($input);
return $next($request);
}
}最后,必须在app/Http/文件中注册中间件。并在$routeMiddleware数组中添加以下行。文章源自菜鸟学院-https://www.cainiaoxueyuan.com/bc/10957.html
class Kernel extends HttpKernel
{
....
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
....
'XSS' => \App\Http\Middleware\XSS::class,
];
}现在你可以在你的routing .php文件中使用XSS中间件了,在下面routing .php文件中你可以这样做:文章源自菜鸟学院-https://www.cainiaoxueyuan.com/bc/10957.html
routes.php文章源自菜鸟学院-https://www.cainiaoxueyuan.com/bc/10957.html
Route::group(['middleware' => ['XSS']], function () {
Route::get('customVali', 'CustomValDemoController@customVali');
Route::post('customValiPost', 'CustomValDemoController@customValiPost');
});文章源自菜鸟学院-https://www.cainiaoxueyuan.com/bc/10957.html