This article walks through an example of implementing an XSS filter in PHP. It is shared here for reference; the code is as follows:
```php
<?php
function remove_xss($val) {
    // Remove all non-printable characters. TAB (0x09), LF (0x0a) and CR (0x0d) are allowed.
    // This prevents some character re-spacing such as <java\0script>.
    // Note that you still have to handle splits with \n, \r and \t later, since they *are*
    // allowed in some inputs.
    // (The original character class contained literal commas, which silently stripped every
    // ',' from the input, and it stopped at \x19 instead of covering all C0 controls.)
    $val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $val);

    // Straight replacements: the user should never need numeric character references for these,
    // since they are normal characters. This prevents things like
    // <IMG SRC=&#106;avascript:alert('XSS')> (the 'j' written as a numeric character reference).
    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';
    $search .= '~`";:?+/={}[]-_|\'\\';
    for ($i = 0; $i < strlen($search); $i++) {
        // ;? matches the semicolon, which is optional
        // 0{0,8} matches any zero padding, which is optional
        // hex form: &#x6a; &#X0006a ...
        $val = preg_replace('/(&#[xX]0{0,8}' . dechex(ord($search[$i])) . ';?)/i', $search[$i], $val);
        // decimal form: &#106; &#00000106 ...
        $val = preg_replace('/(&#0{0,8}' . ord($search[$i]) . ';?)/', $search[$i], $val);
    }

    // Now the only remaining whitespace attacks are \t, \n and \r, which browsers ignore inside
    // a tag or attribute name, so every keyword is matched with optional encoded whitespace
    // between its letters.
    $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link',
                 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer',
                 'layer', 'bgsound', 'title', 'base');
    $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate',
                 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus',
                 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur',
                 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu',
                 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged',
                 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend',
                 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror',
                 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin',
                 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete',
                 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave',
                 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove',
                 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange',
                 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit',
                 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange',
                 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
    $ra = array_merge($ra1, $ra2);

    $found = true; // keep replacing as long as the previous round replaced something
    while ($found == true) {
        $val_before = $val;
        for ($i = 0; $i < count($ra); $i++) {
            $pattern = '/';
            for ($j = 0; $j < strlen($ra[$i]); $j++) {
                if ($j > 0) {
                    // Between two letters allow any number of encoded TAB/LF/CR:
                    // hex &#x9; &#xa; &#xd; or decimal &#9; &#10; &#13;, with optional zero padding.
                    // (The original used [9ab] and [9|10|13], i.e. character classes that missed
                    // CR and matched the wrong single digits.)
                    $pattern .= '(';
                    $pattern .= '(&#[xX]0{0,8}[9ad];)';
                    $pattern .= '|';
                    $pattern .= '(&#0{0,8}(9|10|13);)';
                    $pattern .= ')*';
                }
                $pattern .= $ra[$i][$j];
            }
            $pattern .= '/i';
            $replacement = substr($ra[$i], 0, 2) . '<x>' . substr($ra[$i], 2); // insert <x> to nerf the keyword
            $val = preg_replace($pattern, $replacement, $val);
        }
        // Checked once per round. The original tested inside the keyword loop, so a round in
        // which only a later keyword changed anything still ended the loop.
        if ($val_before == $val) {
            // no replacements were made in this round, so exit the loop
            $found = false;
        }
    }
    return $val;
}
```

Note that this is a denylist: it normalises numeric character references for printable ASCII and then breaks up the tag names, attribute names and URL schemes it knows about by inserting `<x>`. Anything not on the list passes through untouched, so it is a defence-in-depth measure and not a substitute for encoding untrusted values for the context they are written into (htmlspecialchars for HTML text and attribute values) or for an allowlist-based HTML sanitiser when markup must be preserved.

Hopefully this article is of some help to your PHP programming.
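As an added example (not code from the article above), here is the allowlist counterpart to remove_xss(). Rather than recognising and nerfing every dangerous keyword, the untrusted value is normalised once (numeric character references decoded for every code point, not just printable ASCII, and control characters dropped), the URL scheme is compared against a short allowlist, and every value is encoded for the HTML context it lands in. The function names, the scheme allowlist and the sample inputs are this example's own choices, and the mbstring extension (mb_chr) is assumed to be available.

```php
<?php
declare(strict_types=1);

// Added example, not the article's code: normalise once, allowlist the URL scheme,
// encode for the output context. Assumes ext/mbstring for mb_chr().

/**
 * Decode numeric character references, including the hex form, zero padding and the
 * semicolon-less form browsers also accept (remove_xss() does this only for printable
 * ASCII). Named entities are left to html_entity_decode().
 */
function decode_entities(string $s): string
{
    $s = preg_replace_callback(
        '/&#(?:[xX]0*([0-9a-fA-F]{1,6})|0*([0-9]{1,7}));?/',
        static function (array $m): string {
            $cp = $m[1] !== '' ? hexdec($m[1]) : (int) $m[2];
            if ($cp === 0 || $cp > 0x10FFFF || ($cp >= 0xD800 && $cp <= 0xDFFF)) {
                return "\u{FFFD}"; // NUL, surrogates and out-of-range values are not scalar values
            }
            $ch = mb_chr($cp, 'UTF-8');
            return $ch === false ? "\u{FFFD}" : $ch;
        },
        $s
    ) ?? $s;
    return html_entity_decode($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Drop ASCII control characters except TAB, LF and CR (the step remove_xss() starts with). */
function strip_controls(string $s): string
{
    return preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $s) ?? $s;
}

/**
 * Allowlist check for URL-valued attributes (href, src, action). Returns the cleaned
 * URL when its scheme is permitted or absent (a relative URL), otherwise ''.
 */
function safe_url(string $url): string
{
    $u = strip_controls(decode_entities($url));
    $u = str_replace(["\t", "\n", "\r"], '', $u); // browsers ignore these anywhere in a URL
    $u = trim($u);
    if (preg_match('/^([a-zA-Z][a-zA-Z0-9+.\-]*):/', $u, $m) === 1
        && !in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true)) {
        return ''; // javascript:, vbscript:, data: and anything else unexpected
    }
    return $u;
}

/** Encode for HTML text content or a double-quoted attribute value. */
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Render an <img> from untrusted src and alt: allowlist the URL, encode both values. */
function img_tag(string $src, string $alt): string
{
    $src = safe_url($src);
    if ($src === '') {
        return esc_html($alt); // no acceptable URL: emit only the text
    }
    return '<img src="' . esc_html($src) . '" alt="' . esc_html($alt) . '">';
}

// Constructed inputs. The first is the article's own <IMG SRC=&#106;avascript:...> case.
$cases = [
    "&#106;avascript:alert('XSS')",   // decimal reference for 'j'
    '&#x6A;&#x61;vascript:alert(1)',  // hex references
    "java\tscript:alert(1)",          // tab inside the scheme
    '&#0000106avascript:alert(1)',    // zero padding, no semicolon
    'https://example.com/a.png',      // allowed scheme
    '/images/a.png',                  // relative URL, no scheme
];
foreach ($cases as $c) {
    printf("%-36s -> %s\n", addcslashes($c, "\t"), img_tag($c, 'user "alt" <text>'));
}
```

The first four inputs all normalise to a `javascript:` scheme and are rejected before any encoding happens; the last two are emitted inside a properly quoted, entity-encoded attribute. Because the decision is "is this one of the schemes I accept" rather than "does this contain a token I know is bad", new obfuscations of a forbidden scheme do not need a new entry in a keyword list.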
Source: https://www.stayed.cn/item/2251