xss过滤 · AAPHP开发手册

### XSS过滤 ~~~ /** * xss 过滤 * @return string */ public function xss() { // 开启 xss 过滤，默认开启 Config::common('xss_filter',true); $xss = "<script>alert('XSS')</script>"; $this->assign('xss', $xss); return $this->fetch(); } ~~~ ~~~ <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>fetch</title> </head> <body> {$xss} </body> </html> ~~~ ### 关闭 xss 过滤 ~~~ /** * 关闭 xss 过滤 * @return string */ public function closeXssFilter() { // 关闭xss过滤，也可以修改 /config/common.php 'xss_filter' => false, Config::common('xss_filter',false); $xss = "<script>alert('XSS')</script>"; $this->assign('xss', $xss); return $this->fetch(); } ~~~ ~~~ <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>fetch</title> </head> <body> {$xss} </body> </html> ~~~