A PHP routine that tries to filter XSS out of untrusted input. The listing below is damaged by extraction (spacing, quote characters, a truncated array) and does not parse as-is; see the original source linked at the end.
/**
 * Blacklist-style "XSS removal" filter for untrusted HTML-ish input.
 *
 * What the visible code does, in order:
 *  1. Strips HTML comments and C-style comments, then several escape forms
 *     (backslash-hex runs and `&#x..;` / `&#..;` numeric character references)
 *     that are commonly used to hide tag or scheme names. The hex-entity
 *     pattern only matches two hex digits after the optional zeros, and the
 *     decimal-entity statement appears twice (a duplicate, not a second rule).
 *  2. Escapes the whole string with htmlspecialchars() -- called with no flags
 *     and no charset, so quote handling and encoding depend on the PHP version.
 *  3. Rebuilds raw `<tag ...>` markup out of the escaped text for two tag lists
 *     ($lone_tags and $double_tags -- "a", "object", "embed", "img" included),
 *     capturing the whole attribute string with a greedy `(.*)`, then inside a
 *     create_function() callback appears to turn escaped double quotes back into
 *     literal `"` (the str_replace arguments are garbled in this listing).
 *     After the first loop a replacement that looks like `&amp;` -> `&` (also
 *     garbled here) un-escapes ampersands globally. Case handling is delegated
 *     to self::transcase(), which is not shown.
 *  4. Runs a keyword blacklist ($tags: javascript, vbscript, expression,
 *     script, iframe, style, ...) that rewrites `name(...)` and `name:` forms,
 *     and finally strips `on*=` event-handler attributes.
 *
 * NOTE(review): this is not a safe HTML sanitiser and should not be relied on
 * as one:
 *  - Step 3 undoes step 2 for every listed tag *including its attributes* and
 *    restores `"` inside them; an attribute survives as long as the fixed
 *    keyword list in step 4 and the `[\s]+on[\w]+[\s]*=` pattern do not match
 *    it. That pattern requires whitespace before `on`, and the keyword pass is a
 *    deny-list of names, not an allow-list of attributes or URL schemes.
 *  - create_function() is string-eval and was removed in PHP 8.0; a closure is
 *    the replacement. The callback's job (un-escaping) is the opposite of what
 *    an output filter should do.
 *  - The parsing is regex over already-escaped text with nested escape /
 *    un-escape steps; the order of these replacements is load-bearing and hard
 *    to reason about, which is why regex-based XSS filters keep getting bypassed.
 *
 * Recommended replacement: escape at output time for the specific context
 * (`htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` for HTML text
 * and attribute values; URL and JS contexts need their own encoders). If rich
 * HTML must be accepted, use a parser-based allow-list sanitiser (allowed tags
 * AND allowed attributes AND allowed URL schemes) instead of regex rewriting.
 *
 * @param string $str Untrusted input. The listing mixes $STR and $str; PHP
 *                    variables are case-sensitive, so treat that as extraction
 *                    noise unless the original source confirms it -- TODO verify.
 * @return string The rewritten string.
 */
public static function Removexss ($STR) {$str = Str_replace (' <!----> ', ' ', $str); $str = Preg_replace (' ~/\*[]+\*/~i ', ', $str); $str = preg_replace ('/\\\0{0,4}4[0-9a-f]/is ', ' ", $str); $str = preg_replace ('/\\\0{0,4}5[0-9a]/is ',", $ STR); $str = preg_replace ('/\\\0{0,4}6[0-9a-f]/is ', ' ', $str); $str = preg_replace ('/\\\0{0,4}7[0-9a]/is ', ' ", $STR); $ str = preg_replace ('/& #x0 {0,8}[0-9a-f]{2};/is ', ' ', $str); $str = Preg_replace ('/& #0 {0,8}[0-9]{2,3};/is ', ', $ STR); $str = Preg_replace ('/& #0 {0,8}[0-9]{2,3};/is ', ' ', $str); $str = Htmlspecialchars ($STR);//$str = Preg_replace ( '/</i ', ' < ', $str);//$str = preg_replace ('/>/i ', ' > ', $str);//non-paired label $lone_tags = Array ("img", "param", "BR", " ($lone _tags as $key + $val) {$val = Preg_quote ($val); $str = preg_replace ('/< '. $val. ‘(.*)(\/?) >/isu ', ' < '. $val. "\\1\\2>", $str); $str = Self::transcase ($str); $str = Preg_replace_callback ('/< '. $val. ' (. +?) >/i ', create_function (' $temp ', ' returnStr_replace ("" "," \ "", $temp [0]); '), $str);} /* NOTE(review): global un-escape of ampersands after htmlspecialchars(); pattern/replacement are garbled here, presumably `&amp;` -> `&` -- confirm against the original */ $str = preg_replace ('/&/i ', ' & ', $str);//paired label /* second tag list: opening tag rebuilt with greedy (.*) over the attribute string, quotes restored in the callback, closing tag rebuilt last */ $double_tags = Array ("table", "TR", "TD", "Font", "a", "Object", "em Bed "," P "," Strong "," em "," U "," Ol "," ul "," Li "," div "," tbody "," span "," blockquote "," Pre "," B "," Font "); foreach ($doub Le_tags as $key = $val) {$val = Preg_quote ($val); $str = preg_replace ('/< '. $val. ' (. *) >/isu ', ' < '. $val. "\\1>", $str); $str = Self::transcase ($str); $str = Preg_replace_callback ('/< '. $val. ' (. +?) >/i ', create_function (' $temp ', ' Return Str_replace ("," "," \ "", $temp [0]); '), $str); $str = preg_replace ('/<\/'. $ Val. ' >/is ', ' </'. $val. 
">", $str);} Cleanup js/* "Cleanup js" above was a comment in the original, fused into the code by extraction. Keyword deny-list: `name(...)` is reduced to its argument and `name:` gets a backslash inserted before the colon. */$tags = Array (' javascript ', ' VBScript ', ' expression ', ' applets ', ' meta ', ' xml ', ' behaviour ', ' blink ', ' link ', ' style ' ', ' script ', ' embed ', ' object ', ' iframe ', ' frame ', ' frameset ', ' ilayer ', ' layer ', ' bgsound ', ' title ', ' base ', ' font '); foreach ($tags as $tag) {$tag = Preg_quote ($tag); $str = Preg_replace ('/') $tag. ' \ (. *\)/isu ', ' \\1 ', $str); $str = preg_replace ('/'. $tag. ' \s*:/isu ', $tag. ' \: ', $str);} /* Event-handler strip: only matches `on<word>=` when preceded by at least one whitespace character, so the check is anchored on spacing rather than on attribute parsing. */ $str = preg_replace ('/[\s]+on[\w]+[\s]*=/is ', ' ', $str); Return $str;}
Source (original, un-garbled listing): https://github.com/sillydong/CZD_Yaf_Extension/blob/master/library/Tools.php
A nice Yaf-based MySQL wrapper: https://github.com/jonsonxu/yaf
PHP XSS-filter code