As David said, if you are looking to sanitize incoming data, filtering only script tags is not enough.
HTML Purifier promises to do it all:
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.
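To illustrate the difference between the two approaches, here is an added example (not code from the answer above or from the HTML Purifier project): a naive "strip the script tags" filter next to HTML Purifier configured with an explicit whitelist. It assumes HTML Purifier is installed through Composer so that `vendor/autoload.php` exists; the sample input and the function names are constructed for the demonstration.

```php
<?php
// Added example, not part of the original answer.
// Assumes HTML Purifier was installed with Composer (vendor/autoload.php).
require_once __DIR__ . '/vendor/autoload.php';

// Naive approach: removes <script>...</script> elements and nothing else.
// Any other markup, including inline event handler attributes, passes through.
function stripScriptTagsOnly(string $html): string
{
    return preg_replace('#<script\b[^>]*>.*?</script>#is', '', $html);
}

// HTML Purifier approach: declare the tags and attributes you actually want
// to keep; everything not on the whitelist is dropped or rewritten.
function purifyComment(string $html): string
{
    $config = HTMLPurifier_Config::createDefault();
    // Only these elements/attributes survive; "a[href]" allows <a> with href only.
    $config->set('HTML.Allowed', 'p,b,i,a[href],ul,ol,li');
    $config->set('Core.Encoding', 'UTF-8');
    $purifier = new HTMLPurifier($config);
    return $purifier->purify($html);
}

// Constructed sample input: a script element plus an otherwise allowed <p>
// carrying an inline event handler attribute that is not on the whitelist.
$untrusted = '<p onclick="alert(1)">Hello <b>world</b></p><script>alert(1)</script>';

// The script element is removed, but the onclick attribute is left in place.
echo stripScriptTagsOnly($untrusted), PHP_EOL;

// Both the script element and the onclick attribute are removed; only the
// whitelisted <p> and <b> markup remains.
echo purifyComment($untrusted), PHP_EOL;
```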