问题
When I input:
<script>alert("XSS")</script>Cleaning Test
My output should be
Cleaning Test
but I get the same as the input: <script>alert("XSS")</script>Cleaning Test
Can someone help me solve this problem?
I have tried a lot, but it doesn't work. I need to check whether my HTMLPurifier
is working.
This is my code:
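<?php
// Form handler: purifies the WYSIWYG HTML posted by the editor and stores it,
// together with the title, in the `final` table.
require_once 'htmlpurifier/library/HTMLPurifier.auto.php';

// Debugging aid only: with display_errors on, every warning and error is sent
// to the browser. Turn it off (and log instead) before this is reachable by
// real users.
ini_set("display_errors", 1);
error_reporting(E_ALL);

// NOTE(review): the credentials are hard-coded in the script and the password
// is trivially guessable; load them from configuration kept outside the web
// root / version control and use a strong password.
define('DB_SERVER', "localhost");
define('DB_USER', "sanoj");
define('DB_PASSWORD', "123456");
define('DB_DATABASE', "test");
define('DB_DRIVER', "mysql");

// filter_input() without a filter argument applies no sanitisation; it returns
// null when the field is absent and false when the value is not a scalar.
$country = filter_input(INPUT_POST, 'title');
$dirty_html = filter_input(INPUT_POST, 'wysiwyg');

// Reject incomplete requests instead of purifying and inserting null/false.
if (!is_string($country) || !is_string($dirty_html)) {
    http_response_code(400);
    exit('Both "title" and "wysiwyg" are required');
}

// NOTE(review): HTMLPurifier only removes markup that reaches it as markup.
// If the editor submits text typed into it already entity-encoded (for
// example "&lt;script&gt;"), the purifier sees plain text and returns it
// unchanged - presumably what is observed here; confirm by logging the raw
// $dirty_html. Do not entity-decode the stored value again before output.
$purifier = new HTMLPurifier();
$clean_html = $purifier->purify($dirty_html);

// NOTE(review): $country (the title) is stored unpurified. The prepared
// statement below protects the SQL, not the page that later displays the
// value: escape it with htmlspecialchars() when it is written into HTML.
try {
    $db = new PDO(DB_DRIVER . ":dbname=" . DB_DATABASE . ";host=" . DB_SERVER, DB_USER, DB_PASSWORD);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $stmt = $db->prepare("INSERT INTO final(title, wysiwyg) VALUES (:title, :wysiwyg)");
    // bindValue() is enough for input values. The length argument the original
    // passed to bindParam() does not truncate or validate anything (it only
    // matters for OUT parameters), so enforce length limits explicitly if the
    // columns need them.
    $stmt->bindValue(':title', $country, PDO::PARAM_STR);
    $stmt->bindValue(':wysiwyg', $clean_html, PDO::PARAM_STR);

    if ($stmt->execute()) {
        echo '1 row has been inserted';
    }
    $db = null;
} catch (PDOException $e) {
    // Keep driver details (host, user, SQL state) in the server log and send
    // the client a generic message; trigger_error() with the exception text
    // would print those details to the browser while display_errors is on.
    error_log('Error occurred while trying to insert into the DB: ' . $e->getMessage());
    http_response_code(500);
    exit('The entry could not be saved');
}
?>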
来源:https://stackoverflow.com/questions/30410850/htmlpurifier-not-working-with-froala-editor-wysiwyg