<!-- Demo form: the PHP handler below reads the submitted text from $_POST, so
     the textarea's name attribute must match the key that handler uses.
     NOTE(review): cols="a" and rows="ten" are not valid numeric values and
     look garbled in this copy; confirm them against the original listing. -->
<form name= "Form1" method= "Post" action= "" >
<textarea name= "Content" cols= "a" rows= "ten" ></textarea>
Content
<input type= "Submit" name= "Submission" value= "submitted" >
</form>
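<?php
// Demo handler for Form1 above: prints the same submitted text once without
// any processing and once after it has been passed through Php_sava().
//
// Fixes relative to the listing as shown: the superglobal is $_POST (PHP
// variable names are case-sensitive, so $_post is simply undefined and the
// block never ran), the key is the textarea's name attribute without the
// stray spaces, and the unbalanced parenthesis in the Php_sava() call is
// removed.
if (isset($_POST['Content'])) {
    // Must stay in sync with <textarea name="Content"> in the form above.
    $a = $_POST['Content'];

    // Input echoed without any processing. This is the deliberately unsafe
    // half of the demo: if the submission contains markup such as
    //   <script>alert('output content');</script>
    // the browser executes it (a JS dialog pops up here), which is exactly
    // the behaviour the filter below exists to prevent. Real output paths
    // should use htmlspecialchars() instead of echoing raw input.
    echo $a;

    // Safe filtering function (defined further down in this file; PHP
    // resolves top-level functions at compile time, so the order is fine).
    $b = Php_sava($a);
    echo $b;

    // After filtering the tag delimiters are encoded, so the browser shows
    //   <script>alert('output content');</script>
    // as text instead of executing it, which is what we want.
    echo '<br>', $b;
}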
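/**
 * Neutralise the tag and attribute patterns this demo treats as unsafe.
 *
 * Three replacements run in order: runs of whitespace are collapsed to a
 * single space; opening and closing script / (i)frame / style / html / body /
 * title / link / meta tags and "<?" / "<%" code tags have their angle
 * brackets HTML-encoded so the browser displays them as text; and any on*=
 * event-handler attribute left inside a remaining tag is removed.
 *
 * This is a denylist: tags, attributes and URL schemes it does not name pass
 * through unchanged, so it is a partial mitigation only. For output in an
 * HTML context, htmlspecialchars() is the reliable choice.
 *
 * Fixes relative to the listing as shown: the whitespace class was "s" rather
 * than "\s", the "/" inside the second pattern was not escaped (which ends a
 * "/"-delimited regex early), the trailing space inside that pattern's
 * modifier list is gone, the character range is a-zA-Z, and the second
 * replacement now encodes the brackets instead of re-emitting the matched tag
 * verbatim (which made that rule a no-op).
 *
 * @param string $STR raw, untrusted text such as a posted form field
 * @return string the filtered text
 * @throws RuntimeException if preg_replace() fails, e.g. the input is not
 *                          valid UTF-8 and the /u modifier rejects it; the
 *                          function fails closed rather than returning the
 *                          unfiltered input
 */
function Php_sava(string $STR): string
{
    $farr = array(
        '/\s+/',
        '/<(\/?)(script|i?frame|style|html|body|title|link|meta|\?|%)([^>]*?)>/isu',
        '/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isu',
    );
    $tarr = array(
        ' ',
        // Encoding the brackets keeps the tag visible as plain text. To drop
        // the unsafe tag entirely instead, leave this entry empty ('').
        '&lt;\1\2\3&gt;',
        '\1\2',
    );

    $str = preg_replace($farr, $tarr, $STR);
    if ($str === null) {
        // preg_replace() reports failure as null; never pass raw input on.
        throw new RuntimeException(
            'Php_sava: preg_replace failed, PCRE error code ' . preg_last_error()
        );
    }

    return $str;
}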
Original work of this site; when reprinting, please credit the source: www.111cn.net
?>