php 惡意代碼過濾函數

最後更新：2017-01-13 來源：互聯網

上載者：User

創建阿里雲帳戶，並獲得超過 40 款產品的免費試用版；而企業帳戶則可以享有總值 $1200 的免費試用版。立即註冊！

Public Function DecodeFilter(html, filter)
   html=LCase(html)
   filter=split(filter,",")
   For Each i In filter
      Select Case i
         Case "SCRIPT"    ' 去除所有用戶端指令碼javascipt,vbscript,jscript,js,vbs,event,...
            html = exeRE("(javascript|jscript|vbscript|vbs):", "#", html)
            html = exeRE("</?script[^>]*>", "", html)
            html = exeRE("on(mouse|exit|error|click|key)", "", html)
         Case "TABLE":    ' 去除表格<table><tr><td><th>
            html = exeRE("</?table[^>]*>", "", html)
            html = exeRE("</?tr[^>]*>", "", html)
            html = exeRE("</?th[^>]*>", "", html)
            html = exeRE("</?td[^>]*>", "", html)
            html = exeRE("</?tbody[^>]*>", "", html)
         Case "CLASS"    ' 去除樣式類class=""
            html = exeRE("(<[^>]+) class=[^ |^>]*([^>]*>)", "$1 $2", html)
         Case "STYLE"    ' 去除樣式style=""
            html = exeRE("(<[^>]+) style=""[^""]*""([^>]*>)", "$1 $2", html)
            html = exeRE("(<[^>]+) style='[^']*'([^>]*>)", "$1 $2", html)
         Case "IMG"    ' 去除樣式style=""
            html = exeRE("</?img[^>]*>", "", html)
         Case "XML"    ' 去除XML<?xml>
            html = exeRE("<\?xml[^>]*>", "", html)
         Case "NAMESPACE" ' 去除命名空間<o></o>
            html = exeRE("</?[a-z]+:[^>]*>", "", html)
         Case "FONT"    ' 去除字型<font></font>
            html = exeRE("</?font[^>]*>", "", html)
            html = exeRE("</?a[^>]*>", "", html)
            html = exeRE("</?span[^>]*>", "", html)
            html = exeRE("</?br[^>]*>", "", html)
         Case "MARQUEE"    ' 去除字幕<marquee></marquee>
            html = exeRE("</?marquee[^>]*>", "", html)
         Case "OBJECT"    ' 去除對象<object><param><embed></object>
            html = exeRE("</?object[^>]*>", "", html)
            html = exeRE("</?param[^>]*>", "", html)
            'html = exeRE("</?embed[^>]*>", "", html)
         Case "EMBED"
            html =  exeRE("</?embed[^>]*>", "", html)
         Case "DIV"    ' 去除對象<object><param><embed></object>
            html = exeRE("</?div([^>])*>", "$1", html)
            html = exeRE("</?p([^>])*>", "$1", html)
         Case "ONLOAD"    ' 去除樣式style=""
            html = exeRE("(<[^>]+) onload=""[^""]*""([^>]*>)", "$1 $2", html)
            html = exeRE("(<[^>]+) onload='[^']*'([^>]*>)", "$1 $2", html)
         Case "ONCLICK"    ' 去除樣式style=""
            html = exeRE("(<[^>]+) onclick=""[^""]*""([^>]*>)", "$1 $2", html)
            html = exeRE("(<[^>]+) onclick='[^']*'([^>]*>)", "$1 $2", html)
         Case "ONDBCLICK"    ' 去除樣式style=""
            html = exeRE("(<[^>]+) ondbclick=""[^""]*""([^>]*>)", "$1 $2", html)
            html = exeRE("(<[^>]+) ondbclick='[^']*'([^>]*>)", "$1 $2", html)

      End Select
   Next
   'html = Replace(html,"<table","<")
   'html = Replace(html,"<tr","<")
   'html = Replace(html,"<td","<")
   DecodeFilter = html
End Function

本文章原先以中文撰寫並發佈於 aliyun.com，亦設英文版本，僅作資訊用途。本網站不對文章的準確性，完整性或可靠性或其任何翻譯作出任何明示或暗示的陳述或保證。如對該文章有任何疑慮或投訴，請傳送電郵至 info-contact@alibabacloud.com 並提供相關疑慮或投訴的詳細說明。職員會於 5 個工作天內與您聯絡，一經驗證之後，即會刪除該侵權內容。

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More