防止XSS攻击
$type 开启则返回false/true,否则返回过滤后的值
$mode 模式,true为简单,false为高级
注意:高级模式下,$type参数无效!!
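/**
 * Blacklist-based XSS filter for a string or an array of strings.
 *
 * Behaviour is selected by the two flags:
 *  - $mode === true  ("simple"): only the keyword blacklist is applied.
 *      $type === true  -> returns bool: whether any blacklisted keyword was present
 *      $type === false -> returns the filtered string
 *  - $mode === false ("advanced"): the keyword pass is followed by
 *      clean_xssinfo(); $type is ignored and the filtered string is returned.
 *
 * A leading 'http://' or 'https://' (matched case-sensitively, as before) is
 * removed before filtering and re-attached afterwards, so the scheme's own
 * ':' is not affected by the ':'-based keywords.
 *
 * Arrays are filtered element by element with the same flags and the filtered
 * array is returned. (Previously the recursive call's result was discarded
 * and the function returned null for any array input, so array values were
 * never cleaned.)
 *
 * The keyword pass is repeated until the string stops changing: removing one
 * keyword can join the surrounding fragments into another keyword, which a
 * single pass would leave in place.
 *
 * NOTE: a keyword blacklist is a coarse and lossy filter ('@' and 'click' are
 * removed from ordinary text too). It does not replace context-aware escaping
 * (HTML / attribute / JS / URL) at the point where the value is output.
 *
 * @param string|array $string value(s) to filter
 * @param bool         $type   simple mode only: return a match flag instead of the filtered value
 * @param bool         $mode   true = simple (keyword pass only), false = advanced (keyword pass + clean_xssinfo)
 * @return string|bool|array
 */
function clean_xss($string, $type = false, $mode = true)
{
    if (is_array($string)) {
        // Recurse with the same flags so nested arrays get identical treatment.
        foreach ($string as $key => $value) {
            $string[$key] = clean_xss($value, $type, $mode);
        }
        return $string;
    }

    $keywords = [
        'jQuery', 'eval', '@', 'script', 'javascript:', 'javascript.:',
        'vbscript:', 'vbscript.:', ':expression', 'alert', 'click', 'callBack',
    ];

    $string = trim((string) $string);

    // Detach a recognised scheme prefix; it is re-attached on return.
    $prefix = '';
    foreach (['http://', 'https://'] as $scheme) {
        $schemeLength = strlen($scheme);
        if (substr($string, 0, $schemeLength) === $scheme) {
            $prefix = $scheme;
            $string = (string) substr($string, $schemeLength);
            break;
        }
    }

    $original = $string;
    // Repeat until stable: each pass either shortens the string or ends the loop.
    do {
        $beforePass = $string;
        $string = str_ireplace($keywords, '', $string);
    } while ($string !== $beforePass);

    if ($mode) {
        if ($type) {
            // Simple mode, detection only: did the blacklist remove anything?
            return $original !== $string;
        }
        return $prefix . $string;
    }

    // Advanced mode: $type is ignored, apply the second-stage filter.
    return $prefix . clean_xssinfo($string);
}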
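/**
 * Second-stage ("advanced mode") sanitiser used by clean_xss().
 *
 * Steps, in order:
 *  1. strip_tags()        - remove HTML/PHP tags;
 *  2. htmlspecialchars()  - encode &, <, >, " and ' for an HTML context;
 *  3. remove literal quotes, backslashes, slashes and '..';
 *  4. remove percent-encoded control characters (%00-%08, %0B, %0C, %0E, %0F, %10-%1F);
 *  5. remove raw C0 control characters and DEL (tab, LF and CR are kept).
 *
 * The result is HTML-escaped text with all slashes removed, so it is not a
 * faithful representation of the input (URL paths lose their separators).
 * Callers that must keep the original value should escape at output time
 * instead of storing this result.
 *
 * @param string $string
 * @return string
 */
function clean_xssinfo($string)
{
    $string = strip_tags((string) $string);

    // Explicit flags: identical to the PHP 8.1+ default. On older versions
    // ENT_QUOTES additionally encodes single quotes and ENT_SUBSTITUTE
    // replaces invalid UTF-8 instead of returning an empty string.
    $string = htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Replacements are applied in order: once '/' is gone, '../', './' and
    // '//' can no longer occur, so only '..' remains to be removed.
    $string = str_replace(['"', '\\', "'", '/', '..'], '', $string);

    // Percent-encoded control characters. The 'i' flag also matches the
    // upper-case hex form (%0B, %1F) that the original patterns let through.
    // preg_replace() returns null on a PCRE error; fail closed with ''.
    $string = preg_replace('/%0[0-8bcef]/i', '', $string) ?? '';
    $string = preg_replace('/%1[0-9a-f]/i', '', $string) ?? '';

    // Raw C0 control characters and DEL, keeping \t, \n and \r.
    $string = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S', '', $string) ?? '';

    return $string;
}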