1、创建中间件
php artisan make:middleware XSSClean2、编辑app/Http/Middleware/XSSClean.php文件
<?phpnamespace App\Http\Middleware;use Closure;
use Illuminate\Http\Request;class XSSClean
{/*** Handle an incoming request.** @param \Illuminate\Http\Request $request* @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse*/public function handle(Request $request, Closure $next){// return $next($request);$query = $request->query->all();$req = $request->request->all();// $all = $request->all();array_walk_recursive($query, function (&$params) {// $params = htmlspecialchars($params);$params = strip_tags($params);});$request->query->replace($query);// $request->merge($query);array_walk_recursive($req, function (&$params) {// $params = htmlspecialchars($params);$params = strip_tags($params);});$request->request->replace($req);// $request->merge($req);return $next($request);}
}
3、配置app/Http/Kernel.php文件
protected $middleware = [// ...XSSClean::class, // 增加xss处理中间件// ...];其他方案:
composer require mews/purifier参考:
laravel8 实现XSS预防处理方案_laravel防止转义xss-CSDN博客
360通用php防护代码(使用操作详解)_php编程-跟版网
https://www.cnblogs.com/bingtang123/p/12844659.html