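/**
 * Remove dangerous characters and script-bearing markup from a string.
 *
 * Denylist-style XSS filter. It strips non-printable control characters,
 * decodes the decimal/hex entity forms of printable ASCII (so that an
 * encoded letter cannot hide a keyword), and then breaks up known dangerous
 * tag names and on* event-handler attribute names by inserting "<x>" after
 * their second character. The keyword pass is repeated until a full pass
 * changes nothing, so forms reassembled by an earlier pass are caught too.
 *
 * Because it is a denylist it is by construction incomplete. Use it only as
 * defence in depth: output must still be escaped for its context
 * (htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') for HTML), or
 * run through an allowlist-based HTML sanitizer when markup has to survive.
 *
 * @e-mial [email protected]
 * @time 2017-04-07
 * @web http://blog.iinu.com.cn
 * @param string $val untrusted input
 * @return string the filtered input, with "<x>" spliced into any keyword hit
 */
function remove_xss($val)
{
    // Drop C0 control characters except tab (\x09), LF (\x0a) and CR (\x0d).
    // The class deliberately contains no commas: an earlier version listed
    // the ranges comma-separated inside [...], which silently deleted every
    // literal comma from the input.
    $val = preg_replace('/([\x00-\x08\x0b\x0c\x0e-\x1f])/', '', $val);

    // Printable ASCII whose entity encodings are normalised back to the
    // plain character, e.g. "&#106;avascript" / "&#x6a;avascript" -> "javascript".
    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';
    $search .= '~`";:?+/={}[]-_|\'\\';

    $searchLen = strlen($search);
    for ($i = 0; $i < $searchLen; $i++) {
        $ch = $search[$i];
        // "0{0,8}" absorbs leading-zero padding; ";?" accepts the entity
        // with or without its terminating semicolon, as browsers do.
        $val = preg_replace('/(&#[xX]0{0,8}' . dechex(ord($ch)) . ';?)/i', $ch, $val);
        $val = preg_replace('/(&#0{0,8}' . ord($ch) . ';?)/', $ch, $val);
    }

    // Now the only remaining whitespace attacks are \t, \n and \r.
    $ra1 = [
        'javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml',
        'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe',
        'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base',
    ];
    $ra2 = [
        'onabort', 'onactivate', 'onafterprint', 'onafterupdate',
        'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate',
        'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload',
        'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange',
        'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut',
        'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick',
        'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave',
        'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate',
        'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout',
        'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete',
        'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave',
        'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel',
        'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange',
        'onreadystatechange', 'onreset', 'onresize', 'onresizeend',
        'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete',
        'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange',
        'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload',
    ];
    $ra = array_merge($ra1, $ra2);

    // Entity-encoded tab / LF / VT / CR that may be interleaved between the
    // letters of a keyword (hex 9, a, b, d and decimal 9, 10, 13).
    $gap = '(?:(?:&#[xX]0{0,8}[9abd];)|(?:&#0{0,8}(?:9|10|13);))*';

    $found = true;
    while ($found === true) {
        $valBefore = $val;
        foreach ($ra as $word) {
            // Build /w<gap>o<gap>r<gap>d/i for this keyword; the keywords are
            // plain letters so no quoting is needed.
            $pattern = '/';
            $wordLen = strlen($word);
            for ($j = 0; $j < $wordLen; $j++) {
                if ($j > 0) {
                    $pattern .= $gap;
                }
                $pattern .= $word[$j];
            }
            $pattern .= '/i';
            // Splice "<x>" in after the second character: the token no longer
            // spells the keyword but the surrounding text stays readable.
            $replacement = substr($word, 0, 2) . '<x>' . substr($word, 2);
            $val = preg_replace($pattern, $replacement, $val);
        }
        // Decide only after the whole keyword list has run: a change made by
        // a later keyword must trigger another pass, otherwise a keyword
        // exposed by that change would be left intact.
        if ($valBefore === $val) {
            $found = false;
        }
    }

    return $val;
}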
PHP: a filter that removes dangerous characters and markup from input