How to implement an XSS safety filter in PHP

5 years ago  |  Views: 556  |  Language: PHP

This article presents an example of an XSS safety filter written in PHP, shared for reference. The function below does not match dangerous tags directly; it first normalises the input by removing non-printable control characters and decoding the numeric HTML entities that attackers use to disguise strings such as javascript:, so that a later pattern match sees the real characters. Keep in mind that a filter of this kind is a blacklist and only reduces risk: the reliable defence against XSS is still context-aware output encoding (for example htmlspecialchars($s, ENT_QUOTES, 'UTF-8') when inserting data into HTML) or an allowlist-based HTML sanitizer.


    function remove_xss($val) {
      // remove all non-printable characters. TAB(09), LF(0a) and CR(0d) are allowed
      // this prevents some character re-spacing such as <java\0script>
      // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
      // note: no commas inside the character class (a literal ',' there would strip every
      // comma from the input), and the range runs to \x1f so that \x1a-\x1f are removed too
      $val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $val);
      // straight replacements, the user should never need these since they're normal characters
      // this prevents things like <IMG SRC=@avascript:alert('XSS')>
      $search = 'abcdefghijklmnopqrstuvwxyz';
      $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
      $search .= '1234567890!@#$%^&*()';
      $search .= '~`";:?+/={}[]-_|\'\\';
      for ($i = 0; $i < strlen($search); $i++) {
       // ;? matches the ;, which is optional
       // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars
       // @ @ search for the hex values
       // The page's copy of the function breaks off in the middle of the next call:
       // $val = preg_replace('/(&#
       // The rest of the loop body and of the function is not present on the page;
       // the loop and the function are closed here so that the fragment still parses.
      }
      return $val;
    }
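The per-character entity decoding that the loop above performs can be written as two generic replacements, one for hex and one for decimal entities. The block below is an added example, not the article's code: it shows that generalised normalisation (control characters stripped, zero-padded entities with or without a trailing semicolon decoded, but only for printable ASCII), and then the check for a javascript:/vbscript: scheme that the article's own comments say has to happen after the \n, \r and \t splits are dealt with. It needs PHP 7 or later; the function names and the sample payloads are constructed for this example and do not come from the article.

```php
<?php
// Added example (not the article's own code): generalised normalisation of the
// obfuscations the article's filter targets, plus a scheme check on the result.

/**
 * Fold the obfuscations the article's loop targets:
 *  - drop C0 control characters except TAB, LF and CR (the article's first step);
 *  - decode hex entities (&#x6A; &#X006a) and decimal entities (&#106; &#0000106),
 *    with optional zero padding and an optional trailing ';', but only when they
 *    denote a printable ASCII character (0x20..0x7E). Other entities are left alone.
 */
function normalize_for_xss_check(string $val): string
{
    // 1. non-printable control characters; TAB, LF, CR survive for now
    $val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $val);

    // 2. hex numeric entities; the lookahead stops "&#x100" being read as "&#x10"
    $val = preg_replace_callback(
        '/&#[xX]0*([0-9a-fA-F]{1,2})(?![0-9a-fA-F]);?/',
        function (array $m): string {
            $code = hexdec($m[1]);
            return ($code >= 0x20 && $code <= 0x7e) ? chr($code) : $m[0];
        },
        $val
    );

    // 3. decimal numeric entities; same guard so "&#1060" is not read as "&#106"
    $val = preg_replace_callback(
        '/&#0*([0-9]{1,3})(?![0-9]);?/',
        function (array $m): string {
            $code = (int) $m[1];
            return ($code >= 0x20 && $code <= 0x7e) ? chr($code) : $m[0];
        },
        $val
    );

    return $val;
}

/**
 * Detection step: after normalisation, also remove the TAB/LF/CR that step 1
 * deliberately keeps, so "java\tscript:" and "java\nscript:" fold as well, then
 * look for a javascript: or vbscript: scheme.
 */
function contains_script_scheme(string $val): bool
{
    $folded = preg_replace('/[\t\n\r]/', '', normalize_for_xss_check($val));
    return preg_match('/(?:javascript|vbscript)\s*:/i', $folded) === 1;
}

// Constructed sample inputs (not from the article): three disguised payloads
// and one harmless image tag.
$samples = [
    // "javascript:" spelled with decimal entities
    '<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;alert(1)>',
    // hex entities without semicolons
    '<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A;alert(1)>',
    // NUL byte and TAB inserted into the scheme
    "<IMG SRC=\"jav\x00a\tscript:alert(1)\">",
    // benign
    '<img src="/images/logo.png" alt="logo">',
];

foreach ($samples as $s) {
    printf("%-4s %s\n", contains_script_scheme($s) ? 'BAD' : 'ok', normalize_for_xss_check($s));
}
```

Run with `php normalize_demo.php`: the three disguised payloads are flagged and the plain image tag passes. Decoding only printable ASCII is deliberate, as in the article's loop: a user who genuinely writes `&#169;` for a copyright sign keeps it, while the characters an attacker needs to spell a scheme or a tag name are always restored to their plain form before any matching is done.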