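/**
 * Neutralise common XSS vectors in a string of untrusted input.
 *
 * This is a blacklist filter. It (1) strips non-printable control bytes,
 * (2) decodes numeric HTML entities (&#106; / &#x6a;) for ordinary printable
 * characters so that an entity-encoded keyword cannot slip past the keyword
 * check, and (3) breaks known dangerous tag names and event-handler attribute
 * names by inserting "<x>" after their second character, e.g. "javascript"
 * becomes "ja<x>vascript" and "onclick" becomes "on<x>click".
 *
 * A blacklist can only ever be a defence-in-depth measure: it knows nothing
 * about the context the string is later inserted into. Context-aware output
 * encoding (e.g. htmlspecialchars() with ENT_QUOTES and an explicit charset
 * for HTML) remains the primary defence.
 *
 * @param string $val Untrusted input.
 * @return string The filtered string.
 */
function RemoveXSS($val)
{
    // Remove all non-printable characters. TAB (0x09), LF (0x0a) and CR (0x0d)
    // are allowed; this prevents character re-spacing such as <ja\0vascript>.
    // The whitespace that *is* allowed (\t, \n, \r) is handled by the keyword
    // patterns further down, because it is legitimate in some inputs.
    // Note: the class contains no literal ',' — an earlier version of this
    // pattern wrote "[\x00-\x08,\x0b-\x0c,...]" and so stripped commas too.
    $val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $val);

    // Straight replacements: decode numeric entities for ordinary printable
    // characters, which a user never needs to write in encoded form. This is
    // what defeats e.g. <IMG SRC=&#106;avascript:...>.
    // '<', '>', ',', '.' and space are deliberately NOT in this list, so their
    // encoded forms stay encoded (and therefore harmless).
    $search  = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';
    $search .= '~`";:?+/={}[]-_|\'\\';
    $search_len = strlen($search);
    for ($i = 0; $i < $search_len; $i++) {
        $char = $search[$i];
        // preg_replace() interprets "\n" and "$n" in the replacement as
        // back-references; escape '\' and '$' so they are inserted literally.
        $replacement = addcslashes($char, '\\$');

        // ;?      matches the trailing ';', which is optional.
        // 0{0,8}  matches any zero padding, which is optional and may be up
        //         to eight characters long.
        // [xX]    hex form, e.g. &#x0040 -> '@'. (A character class written
        //         as "[x|X]" would also match a literal '|' — avoided here.)
        $val = preg_replace('/&#[xX]0{0,8}' . dechex(ord($char)) . ';?/i', $replacement, $val);
        // Decimal form, e.g. &#00064 -> '@'.
        $val = preg_replace('/&#0{0,8}' . ord($char) . ';?/', $replacement, $val);
    }

    // Now the only remaining whitespace attacks are \t, \n and \r, which a
    // keyword may carry in encoded form between its letters.
    $ra1 = array(
        'javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml',
        'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe',
        'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base',
    );
    $ra2 = array(
        'onabort', 'onactivate', 'onafterprint', 'onafterupdate',
        'onbeforeactivate', 'onbeforecopy', 'onbeforecut',
        'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste',
        'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur',
        'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu',
        'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable',
        'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate',
        'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover',
        'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange',
        'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp',
        'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload',
        'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave',
        'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup',
        'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste',
        'onpropertychange', 'onreadystatechange', 'onreset', 'onresize',
        'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit',
        'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect',
        'onselectionchange', 'onselectstart', 'onstart', 'onstop',
        'onsubmit', 'onunload',
    );
    $ra = array_merge($ra1, $ra2);

    // Optional encoded TAB/LF/CR allowed between every pair of keyword
    // characters: hex &#x9; &#xa; &#xd; (any case, zero-padded) or decimal
    // &#9; &#10; &#13;. The decimal alternatives are a real alternation —
    // a class like "[9|10|13]" would only match the single characters
    // '9', '|', '1', '0' and '3'.
    $encoded_ws = '(?:&#[xX]0{0,8}[9ab];|&#0{0,8}(?:9|10|13);)?';

    // Keep replacing as long as the previous round replaced something. The
    // check is made once per full pass over $ra, not after each individual
    // keyword, so a match made by a later keyword still triggers another pass.
    do {
        $val_before = $val;
        foreach ($ra as $keyword) {
            // Keywords are alphabetic, so their characters need no quoting.
            $pattern = '/' . implode($encoded_ws, str_split($keyword)) . '/i';
            // Insert <x> after the second character to nerf the keyword.
            $replacement = substr($keyword, 0, 2) . '<x>' . substr($keyword, 2);
            $val = preg_replace($pattern, $replacement, $val);
        }
    } while ($val_before !== $val);

    return $val;
}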