
require mews/purifier 用于XSS过滤

baijunyao 8 anos atrás
pai
commit
1f667660ec

+ 3 - 2
app/Http/Controllers/Admin/ArticleController.php

@@ -17,7 +17,7 @@ class ArticleController extends Controller
      */
     public function index()
     {
-        //
+        return view('admin/article/index');
     }
 
     /**
@@ -44,7 +44,8 @@ class ArticleController extends Controller
      */
     public function store(Store $request)
     {
-        $data = $request->all();
+        $data = $request->except('_token');
+        // echo clean($data['content']);die;
         p($data);die;
     }
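Review bot: On the new side of the store() hunk `$data['content']` is still passed through unfiltered — the only `clean()` call is the commented-out echo on the line above, so the purifier this commit pulls in is never applied to the request body. `p($data);die;` is a debug stop left in the controller; no persistence or redirect follows it, which reads as work in progress, but it should not ship. I would replace the commented echo and the debug line with `$data['content'] = clean($data['content']);` followed by the actual create-and-redirect logic. The docblock for store() begins outside the hunk.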
 

+ 12 - 0
app/Http/Requests/Requests/Article/Store.php

@@ -50,4 +50,16 @@ class Store extends FormRequest
         ];
     }
 
+    /**
+     * 定义字段名中文
+     *
+     * @return array
+     */
+    public function messages()
+    {
+        return [
+            'tag_ids.required'=>'必须选择标签',
+        ];
+    }
+
 }
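Review bot: The docblock on the new messages() method says it defines Chinese field names (定义字段名中文), but what the method returns is validation error messages keyed by `field.rule`; in a Laravel FormRequest, display names for fields belong in `attributes()`. Either change the summary to `自定义验证错误信息` ("custom validation messages") or move the mapping to attributes() if that was the intent. `@return array` would be more useful to static analysis as `@return array<string, string>`. rules() closes just above the hunk and its rule list is outside this view, so I cannot tell which other rules are left without a message.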

+ 2 - 1
composer.json

@@ -7,7 +7,8 @@
     "require": {
         "php": ">=5.6.4",
         "barryvdh/laravel-ide-helper": "^2.2",
-        "laravel/framework": "5.3.*"
+        "laravel/framework": "5.3.*",
+        "mews/purifier": "^2.0"
     },
     "require-dev": {
         "fzaninotto/faker": "~1.4",

+ 111 - 2
composer.lock

@@ -4,8 +4,8 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "hash": "060c62f57906e1c413c9ce6530bdafdf",
-    "content-hash": "4b56a74f5412f38bdc4772015b205834",
+    "hash": "3090d4c9648b0c39fca5d7fa74e2f223",
+    "content-hash": "119ce91d7825f804dee578f72b180106",
     "packages": [
         {
             "name": "barryvdh/laravel-ide-helper",
@@ -277,6 +277,50 @@
             "time": "2015-11-06 14:35:42"
         },
         {
+            "name": "ezyang/htmlpurifier",
+            "version": "v4.8.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/ezyang/htmlpurifier.git",
+                "reference": "d0c392f77d2f2a3dcf7fcb79e2a1e2b8804e75b2"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://packagist.phpcomposer.com/files/ezyang/htmlpurifier/d0c392f77d2f2a3dcf7fcb79e2a1e2b8804e75b2.zip",
+                "reference": "d0c392f77d2f2a3dcf7fcb79e2a1e2b8804e75b2",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.2"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-0": {
+                    "HTMLPurifier": "library/"
+                },
+                "files": [
+                    "library/HTMLPurifier.composer.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "LGPL"
+            ],
+            "authors": [
+                {
+                    "name": "Edward Z. Yang",
+                    "email": "admin@htmlpurifier.org",
+                    "homepage": "http://ezyang.com"
+                }
+            ],
+            "description": "Standards compliant HTML filter written in PHP",
+            "homepage": "http://htmlpurifier.org/",
+            "keywords": [
+                "html"
+            ],
+            "time": "2016-07-16 12:58:58"
+        },
+        {
             "name": "jakub-onderka/php-console-color",
             "version": "0.1",
             "source": {
@@ -633,6 +677,71 @@
             "time": "2016-10-19 20:38:46"
         },
         {
+            "name": "mews/purifier",
+            "version": "2.0.6",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/mewebstudio/Purifier.git",
+                "reference": "e3f8b41dafa21994b9a8349f316d8e967559ee5a"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://packagist.phpcomposer.com/files/mewebstudio/Purifier/e3f8b41dafa21994b9a8349f316d8e967559ee5a.zip",
+                "reference": "e3f8b41dafa21994b9a8349f316d8e967559ee5a",
+                "shasum": ""
+            },
+            "require": {
+                "ezyang/htmlpurifier": "4.8.*",
+                "illuminate/config": "5.1.*|5.2.*|5.3.*",
+                "illuminate/filesystem": "5.1.*|5.2.*|5.3.*",
+                "illuminate/support": "5.1.*|5.2.*|5.3.*",
+                "php": ">=5.5.9"
+            },
+            "require-dev": {
+                "graham-campbell/testbench": "^3.2",
+                "mockery/mockery": "0.9.*",
+                "phpunit/phpunit": "^4.8|^5.0",
+                "scrutinizer/ocular": "^1.3"
+            },
+            "suggest": {
+                "laravel/framework": "To test the Laravel bindings",
+                "laravel/lumen-framework": "To test the Lumen bindings"
+            },
+            "type": "package",
+            "autoload": {
+                "psr-4": {
+                    "Mews\\Purifier\\": "src/"
+                },
+                "files": [
+                    "src/helpers.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Muharrem ERİN",
+                    "email": "me@mewebstudio.com",
+                    "homepage": "https://github.com/mewebstudio",
+                    "role": "Developer"
+                }
+            ],
+            "description": "Laravel 5 HtmlPurifier Package",
+            "homepage": "https://github.com/mewebstudio/purifier",
+            "keywords": [
+                "Purifier",
+                "htmlpurifier",
+                "laravel5 HtmlPurifier",
+                "laravel5 Purifier",
+                "laravel5 Security",
+                "security",
+                "xss"
+            ],
+            "time": "2016-07-27 10:02:13"
+        },
+        {
             "name": "monolog/monolog",
             "version": "1.22.0",
             "source": {

+ 6 - 1
config/app.php

@@ -183,6 +183,11 @@ return [
          */
         Barryvdh\LaravelIdeHelper\IdeHelperServiceProvider::class,
 
+        /**
+         * mewebstudio/Purifier 过滤xss攻击
+         */
+        Mews\Purifier\PurifierServiceProvider::class,
+
     ],
 
     /*
@@ -230,7 +235,7 @@ return [
         'URL' => Illuminate\Support\Facades\URL::class,
         'Validator' => Illuminate\Support\Facades\Validator::class,
         'View' => Illuminate\Support\Facades\View::class,
-
+        'Purifier' => Mews\Purifier\Facades\Purifier::class,
     ],
 
 ];

+ 18 - 18
resources/views/admin/article/create.blade.php

@@ -3,9 +3,9 @@
 @section('title', '发布文章')
 
 @section('css')
-    <link rel="stylesheet" href="{{ asset('/statics/editormd/css/editormd.min.css') }}">
-    <link rel="stylesheet" href="{{ asset('/statics/iCheck-1.0.2/skins/all.css') }}">
-    <link rel="stylesheet" href="{{ asset('/statics/gentelella/vendors/switchery/dist/switchery.min.css') }}">
+    <link rel="stylesheet" href="{{ asset('statics/editormd/css/editormd.min.css') }}">
+    <link rel="stylesheet" href="{{ asset('statics/iCheck-1.0.2/skins/all.css') }}">
+    <link rel="stylesheet" href="{{ asset('statics/gentelella/vendors/switchery/dist/switchery.min.css') }}">
 @endsection
 
 @section('nav', '发布文章')
@@ -29,9 +29,9 @@
             <tr>
                 <th width="7%">分类</th>
                 <td>
-                    <select class="form-control" name="">
+                    <select class="form-control" name="category_id">
                         @foreach($category as $v)
-                            <option value="{{ $v->id }}">{{ $v->cname }}</option>
+                            <option value="{{ $v->id }}" @if(old('category_id')) selected="selected" @endif>{{ $v->cname }}</option>
                         @endforeach
                     </select>
                 </td>
@@ -39,47 +39,47 @@
             <tr>
                 <th>标题</th>
                 <td>
-                    <input class="form-control" type="text" name="title">
+                    <input class="form-control" type="text" name="title" value="{{ old('title') }}">
                 </td>
             </tr>
             <tr>
                 <th>作者</th>
                 <td>
-                    <input class="form-control" type="text" name="author">
+                    <input class="form-control" type="text" name="author" value="{{ old('author') }}">
                 </td>
             </tr>
             <tr>
-                <th>标签</th>
+                <th>关键词</th>
                 <td>
-                    @foreach($tag as $v)
-                        {{ $v['name'] }}<input class="bjy-icheck" type="checkbox" name="tag_ids[]" value="{{ $v['id'] }}"> &emsp;
-                    @endforeach
+                    <input class="form-control" type="text" name="keywords" value="{{ old('keywords') }}">
                 </td>
             </tr>
             <tr>
-                <th>关键词</th>
+                <th>标签</th>
                 <td>
-                    <input class="form-control" type="text" name="keywords">
+                    @foreach($tag as $v)
+                        {{ $v['name'] }}<input class="bjy-icheck" type="checkbox" name="tag_ids[]" value="{{ $v['id'] }}" @if(in_array($v['id'], old('tag_ids', []))) checked="checked" @endif> &emsp;
+                    @endforeach
                 </td>
             </tr>
             <tr>
                 <th>描述</th>
                 <td>
-                    <input class="form-control" type="text" name="description">
+                    <textarea class="form-control modal-sm" name="description" rows="7" placeholder="可以不填,如不填;则截取文章内容前300字为描述">{{ old('description') }}</textarea>
                 </td>
             </tr>
             <tr>
                 <th>内容</th>
                 <td>
                     <div id="bjy-content">
-                        <textarea name="content"></textarea>
+                        <textarea name="content">{{ old('content') }}</textarea>
                     </div>
                 </td>
             </tr>
             <tr>
                 <th>置顶</th>
                 <td>
-                    <input class="js-switch" type="checkbox" name="is_top" value="1">
+                    <input class="js-switch" type="checkbox" name="is_top" value="1" @if(old('is_top', 0) == 1) checked="checked" @endif>
                 </td>
             </tr>
 
@@ -96,8 +96,8 @@
 
 @section('js')
     <script src="{{ asset('statics/gentelella/vendors/switchery/dist/switchery.min.js') }}"></script>
-    <script src="{{ asset('/statics/editormd/editormd.min.js') }}"></script>
-    <script src="{{ asset('/statics/iCheck-1.0.2/icheck.min.js') }}"></script>
+    <script src="{{ asset('statics/editormd/editormd.min.js') }}"></script>
+    <script src="{{ asset('statics/iCheck-1.0.2/icheck.min.js') }}"></script>
     <script>
         var testEditor;
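Review bot: In the category `<select>` hunk (`@@ -29,9 +29,9 @@`), `@if(old('category_id')) selected="selected" @endif` is evaluated for every `<option>` without comparing against `$v->id`, so once any category has been submitted every option carries `selected` and the browser shows the last one rather than the user's choice. It should read `<option value="{{ $v->id }}" @if(old('category_id') == $v->id) selected="selected" @endif>{{ $v->cname }}</option>` (loose comparison is needed here because old() returns the submitted string while `$v->id` is presumably an int — confirm). The tag_ids restore a few lines down does compare with in_array(), so only this line is affected.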
 

+ 18 - 0
resources/views/admin/article/index.blade.php

@@ -0,0 +1,18 @@
+<!doctype html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Document</title>
+</head>
+<body>
+
+<script src="//cdn.bootcss.com/jquery/1.12.4/jquery.min.js"></script>
+<script src="{{ asset('statics/editormd/lib/marked.min.js') }}"></script>
+<script>
+    var str = '</script>';
+    var str = marked(str);
+    console.log(str);
+    $('body').append(str);
+</script>
+</body>
+</html>
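Review bot: `var str = '</script>';` in the new index.blade.php ends the inline script element at that point — an HTML parser closes `<script>` at the first `</script>` sequence regardless of JavaScript string context — so the remaining statements never execute and are rendered as page text; if the literal is needed write it as `'<\/script>'`. Beyond that, the page inserts the raw output of `marked()` with `$('body').append(str)`, which is exactly the unsanitized-HTML sink the purifier added by this commit is meant to close, and the controller hunk makes this scratch page the admin article index. jQuery is also loaded from a third-party CDN via a protocol-relative URL with no `integrity` attribute, unlike the vendored `marked.min.js`. I would keep this as a local throwaway and not return it from `index()`.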