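/**
 * Neutralise common HTML/JavaScript injection spellings in a string.
 *
 * Three passes are made over the input:
 *  1. strip non-printable control characters (TAB, LF and CR are kept
 *     because they are legitimate in ordinary input);
 *  2. decode numeric entities (`&#x61;`, `&#97;`, zero-padded, with or
 *     without the trailing `;`) for printable ASCII so that an encoded
 *     spelling of a keyword is visible to pass 3;
 *  3. break up dangerous tag names and event-handler attributes by
 *     inserting `<x>` after their second letter, repeating until the
 *     text stops changing.
 *
 * This is a keyword blacklist, not an escaper: it only alters what it
 * recognises, so callers still have to escape the result for the context
 * it is emitted in (htmlspecialchars() for HTML, etc.). It is a
 * defence-in-depth filter, not a substitute for output encoding.
 *
 * Fixes relative to the widely copied original: the control-character
 * class was written as three adjacent classes (matching only three-byte
 * runs) and is now a single class; the termination flag of the keyword
 * loop was cleared by the first keyword that made no replacement, so the
 * loop never ran a second pass; hex entity matching between letters now
 * also recognises CR (`&#xd;`) to agree with the decimal `13` case.
 *
 * @param string $val Untrusted input text.
 * @return string Filtered copy of $val, or '' if the regex engine fails
 *                (fail closed rather than return unfiltered input).
 */
function Removexss($val)
{
    // Pass 1: drop control characters except TAB (0x09), LF (0x0a) and CR (0x0d).
    // One character class on purpose: `[a][b][c]` would only match 3-byte runs.
    $val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $val);
    if ($val === null) {
        return '';
    }

    // Pass 2: decode numeric entities for printable ASCII. The user never
    // needs these encoded, and decoding them defeats e.g. `j&#97;vascript`.
    $printable = 'abcdefghijklmnopqrstuvwxyz'
        . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
        . '1234567890!@#$%^&*()'
        . '~`";:?+/={}[]-_|\'\\';
    $entityPatterns = [];
    $entityReplacements = [];
    $count = strlen($printable);
    for ($i = 0; $i < $count; $i++) {
        $char = $printable[$i];
        // Hex form: &#x61; / &#X0000061 — up to eight leading zeros, ';' optional.
        $entityPatterns[] = '/&#[xX]0{0,8}' . dechex(ord($char)) . ';?/i';
        $entityReplacements[] = $char;
        // Decimal form: &#97; / &#00097 — same padding rule, ';' optional.
        $entityPatterns[] = '/&#0{0,8}' . ord($char) . ';?/';
        $entityReplacements[] = $char;
    }
    // Array form applies each pattern in order, exactly like the per-character loop did.
    $val = preg_replace($entityPatterns, $entityReplacements, $val);
    if ($val === null) {
        return '';
    }

    // Pass 3: tag names and event handlers that must not survive intact.
    $keywords = [
        'javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink',
        'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset',
        'ilayer', 'layer', 'bgsound', 'title', 'base',
        'onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate',
        'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus',
        'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur',
        'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu',
        'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged',
        'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend',
        'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror',
        'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin',
        'onfocusout', 'onHelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete',
        'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave',
        'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove',
        'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange',
        'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit',
        'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange',
        'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload',
    ];

    // Between any two letters of a keyword an entity-encoded TAB/LF/CR may be
    // inserted (the whitespace pass 1 deliberately kept): hex 9/a/d or decimal
    // 9/10/13, zero-padded, ';' optional. 'b' is kept for compatibility with
    // the original pattern.
    $between = '((&#[xX]0{0,8}[9abd];?)|(&#0{0,8}(9|10|13);?))?';
    $keywordPatterns = [];
    $keywordReplacements = [];
    foreach ($keywords as $word) {
        // Keywords are alphanumeric, so no preg_quote() is needed on the letters.
        $keywordPatterns[] = '/' . implode($between, str_split($word)) . '/i';
        // `<x>` after the second letter nerfs the tag/attribute name.
        $keywordReplacements[] = substr($word, 0, 2) . '<x>' . substr($word, 2);
    }

    // Repeat until a full pass makes no change. The fixed-point test sits
    // after the whole keyword list, not inside it, so one non-matching
    // keyword cannot end the loop early.
    do {
        $before = $val;
        $val = preg_replace($keywordPatterns, $keywordReplacements, $val);
        if ($val === null) {
            return '';
        }
    } while ($before !== $val);

    return $val;
}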