一段防止過濾xxs攻擊的php代碼
2014-12-19 17:47:59
閱讀:967
首頁 資訊 技術分享
public static function removeXSS($str) { $str = str_replace('{C}', '', $str); $str = preg_replace('~/\*[ ]+\*/~i', '', $str); $str = preg_replace('/\\\0{0,4}4[0-9a-f]/is', '', $str); $str = preg_replace('/\\\0{0,4}5[0-9a]/is', '', $str); $str = preg_replace('/\\\0{0,4}6[0-9a-f]/is', '', $str); $str = preg_replace('/\\\0{0,4}7[0-9a]/is', '', $str); $str = preg_replace('/?{0,8}[0-9a-f]{2};/is', '', $str); $str = preg_replace('/?{0,8}[0-9]{2,3};/is', '', $str); $str = preg_replace('/?{0,8}[0-9]{2,3};/is', '', $str); $str = htmlspecialchars($str); //$str = preg_replace('/ //$str = preg_replace('/>/i', '>', $str); // 非成對標簽 $lone_tags = array("img", "param", "br", "hr"); foreach ($lone_tags as $key => $val) { $val = preg_quote($val); $str = preg_replace('/<' . $val . '(.*)(\/?)>/isU', '<' . $val . "\\1\\2>", $str); $str = self::transCase($str); $str = preg_replace_callback('/<' . $val . '(.+?)>/i', create_function('$temp', 'return str_replace(""","\"",$temp[0]);'), $str); } $str = preg_replace('/&/i', '&', $str); // 成對標簽 $double_tags = array("table", "tr", "td", "font", "a", "object", "embed", "p", "strong", "em", "u", "ol", "ul", "li", "div", "tbody", "span", "blockquote", "pre", "b", "font"); foreach ($double_tags as $key => $val) { $val = preg_quote($val); $str = preg_replace('/<' . $val . '(.*)>/isU', '<' . $val . "\\1>", $str); $str = self::transCase($str); $str = preg_replace_callback('/<' . $val . '(.+?)>/i', create_function('$temp', 'return str_replace(""","\"",$temp[0]);'), $str); $str = preg_replace('/<\/' . $val . '>/is', ' . $val . ">", $str); } // 清理js $tags = Array( 'javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'behaviour', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base', 'font' ); foreach ($tags as $tag) { $tag = preg_quote($tag); $str = preg_replace('/' . $tag . '\(.*\)/isU', '\\1', $str); $str = preg_replace('/' . $tag . '\s*:/isU', $tag . '\:', $str); } $str = preg_replace('/[\s]+on[\w]+[\s]*=/is', '', $str); Return $str; }
穩定
產品高可用性高并發貼心
項目群及時溝通專業
產品經理1v1支持快速
MVP模式小步快跑承諾
我們選擇聲譽堅持
10年專注高端品質開發