脚本宝典收集整理的这篇文章主要介绍了php实现XSS安全过滤的方法，脚本宝典觉得挺不错的，现在分享给大家，也给大家做个参考。

本文实例讲述了PHP实现XSS安全过滤的方法。分享给大家供大家参考。具体如下：

<PRe class="brush:PHP;"> function remove_xss($val) { // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed // this prevents some character re-spacing such as // note that you have to handle splits with \n,\r,and \t later since they *are* allowed in some inputs $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/','',$val); // straight replacements,the user should never need these since they're normal characters // this prevents like $search = 'abcdefghijklmnopqrstuvwxyz'; $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; $search .= '1234567890!@#$%^&*()'; $search .= '~`";:?+/={}[]-_|\'\\'; for ($i = 0; $i < strlen($search);="" $i++)="" {="" ;?="" matches="" the="" ;,which="" is="" optional="" 0{0,7}="" matches="" any="" padded="" zeros,which="" are="" optional="" and="" go="" up="" to="" 8="" chars="" @="" @="" search="" for="" the="" hex="" values="" $val="preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i',$search[$i],$val);" with="" a="" ;="" @="" @="" 0{0,7}="" matches="" '0'="" zero="" to="" seven="" times="" $val="preg_replace('/(�{0,8}'.ord($search[$i]).';?)/',$val);" with="" a="" ;="" }="">Now the only remaining whITespace attacks are \t,\n,and \r $ra1 = array('javascript','vbscript','exPression','applet','Meta','XMl','blink','link','style','script','embed','object','iframe','frame','frameset','ilayer','layer','bgsound','title','base'); $ra2 = array('onabort','onactivate','onafterprint','onafterupdate','onbeforeactivate','onbeforecopy','onbeforecut','onbeforedeactivate','onbeforeeditfocus','onbeforepaste','onbeforeprint','onbeforeunload','onbeforeupdate','onblur','onbounce','oncellchange','onchange','onclick','oncontextmenu','oncontrolselect','oncopy','oncut','ondataavailable','ondatasetchanged','ondatasetcomplete','ondblclick','ondeactivate','onDrag','ondragend','ondragenter','ondragleave','ondragover','ondragstart','ondrop','onerror','onerrorupdate','onfilterchange','onfinish','onfocus','onfocusin','onfocusout','onhelp','onkeydown','onkeypress','onkeyup','onlayoutcomplete','onload','onlosecapture','onmousedown','onmouseenter','onmouseleave','onmouSEMove','onmouSEOut','onmouSEOver','onmouseup','onmousewheel','onmove','onmoveend','onmovestart','onpaste','onproPErtychange','onreadystatechange','onreset','onresize','onresizeend','onresizestart','onrowenter','onrowexit','onrowsdelete','onrowsinserted','onscroll','onselect','onselectionchange','onselectstart','onstart','onstop','onsubmit','onunload'); $ra = array_merge($ra1,$ra2); $found = true; // keep replacing as long as the prevIoUs round replaced something while ($found == true) { $val_before = $val; for ($i = 0; $i < sizeof($ra);="" $i++)="" {="" $pattern='/' ;="" for="" ($j="0;" $j="">< strlen($ra[$i]);="" $j++)="" {="" if="" ($j=""> 0) { $pattern .= '('; $pattern .= '(&#[xX]0{0,8}([9ab]);)'; $pattern .= '|'; $pattern .= '|(�{0,8}([9|10|13]);)'; $pattern .= ')*'; } $pattern .= $ra[$i][$j]; } $pattern .= '/i'; $replacement = substr($ra[$i],2).''.substr($ra[$i],2); // add in <> to nerf the tag $val = preg_replace($pattern,$replacement,$val); // filter out the hex tags if ($val_before == $val) { // no replacements were made,so exit the loop $found = false; } } } return $val; }

脚本宝典总结

以上是脚本宝典为你收集整理的php实现XSS安全过滤的方法全部内容，希望文章能够帮你解决php实现XSS安全过滤的方法所遇到的问题。

如果觉得脚本宝典网站内容还不错，欢迎将脚本宝典推荐好友。

本图文内容来源于网友网络收集整理提供，作为学习参考使用，版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ：384754419，请注明来意。