This article walks through a PHP implementation of XSS filtering by example. It is shared for your reference; the details are as follows:
function remove_xss($val) {
    // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
    // this prevents some character re-spacing such as <java\0script>
    // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
    // (the commas that appeared inside the original character class were a bug: they stripped literal commas as well)
    $val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $val);

    // straight replacements, the user should never need these since they're normal characters
    // this prevents a keyword from being hidden as numeric HTML entities, e.g. the letters of
    // "javascript" written as &#106;&#97;... inside an attribute value
    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';
    $search .= '~`";:?+/={}[]-_|\'\\';
    // the loop bounds, the two entity replacements and the keyword lists below were lost when the
    // page was extracted (everything between '<' and '>' was stripped); they are restored from the
    // widely circulated original of this function
    for ($i = 0; $i < strlen($search); $i++) {
        // ;? matches the ;, which is optional
        // 0{0,8} matches any padded zeros, which are optional and go up to 8 chars
        // search for the hex values
        $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val);
        // search for the decimal values
        $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val);
    }

    // now the only remaining whitespace attacks are \t, \n, and \r
    $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
    $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
    $ra = array_merge($ra1, $ra2);

    $found = true; // keep replacing as long as the previous round replaced something
    while ($found == true) {
        $val_before = $val;
        for ($i = 0; $i < sizeof($ra); $i++) {
            $pattern = '/';
            for ($j = 0; $j < strlen($ra[$i]); $j++) {
                if ($j > 0) {
                    // between two letters of the keyword, allow any number of encoded TAB/LF/CR entities
                    $pattern .= '(';
                    $pattern .= '(&#[xX]0{0,8}([9ab]);)';
                    $pattern .= '|';
                    $pattern .= '(&#0{0,8}(9|10|13);)'; // was [9|10|13], a character class that never matched &#10; or &#13;
                    $pattern .= ')*';
                }
                $pattern .= $ra[$i][$j];
            }
            $pattern .= '/i';
            $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
            $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
            if ($val_before == $val) {
                // no replacements were made, so exit the loop
                $found = false;
            }
        }
    }
    return $val;
}
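As an added example that is not part of the original post, the script below runs the remove_xss() function above on a few constructed strings and, next to each result, shows context-aware output encoding with PHP's built-in htmlspecialchars(), which is the defence to rely on when the value is echoed into HTML. It assumes remove_xss() is defined earlier in the same file; encode_for_html() and compare_filters() are names chosen for this example.

```php
<?php
// Added example, not part of the original post. Assumes remove_xss() from
// above is defined earlier in this same file.

// Encode a value for insertion into an HTML text node or a quoted attribute.
// No blacklist is involved: '<', '>', '&', '"' and "'" are always escaped,
// so the browser can never read the value as markup or as an event handler.
function encode_for_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Apply both steps and return the intermediate results for inspection.
function compare_filters(string $in): array {
    $filtered = remove_xss($in);
    return [
        'input'      => $in,
        'remove_xss' => $filtered,                  // matched keyword broken up with <x>
        'encoded'    => encode_for_html($filtered), // what actually reaches the page
    ];
}

// Constructed inputs: a markup sample, an entity-encoded-letter sample, a benign sentence.
$samples = [
    '<script>/* any script */</script>',
    '&#106;ava&#x73;cript',                   // 'j' and 's' written as numeric entities
    'Read the article title and style guide',
];

foreach ($samples as $in) {
    foreach (compare_filters($in) as $stage => $text) {
        printf("%-11s %s\n", $stage . ':', $text);
    }
    echo "\n";
}
```

Note from the third sample that remove_xss() also rewrites ordinary words containing a listed keyword (for instance "title" becomes "ti<x>tle"), so it is a coarse, lossy input filter; the encoding step is what makes the stored value safe to display.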
Hopefully what is described here is of help with your PHP programming.