Heim > Artikel > Backend-Entwicklung > php 恶意代码过滤函数_PHP教程

php 恶意代码过滤函数_PHP教程

WBOYOriginal: 2016-07-13 17:09:201120Durchsuche

php 恶意代码过滤函数

Public Function DecodeFilter(html, filter)
   html=LCase(html)
   filter=split(filter,",")
   For Each i In filter
      Select Case i
         Case "SCRIPT"    ' 去除所有客户端脚本javascipt,vbscript,jscript,js,vbs,event,...
            html = exeRE("(javascript|jscript|vbscript|vbs):", "#", html)
            html = exeRE("?script[^>]*>", "", html)
            html = exeRE("on(mouse|exit|error|click|key)", "", html)
         Case "TABLE":    ' 去除表格

'html = Replace(html," DecodeFilter = html
End Function

            html = exeRE("?table[^>]*>", "", html)
            html = exeRE("?tr[^>]*>", "", html)
            html = exeRE("?th[^>]*>", "", html)
            html = exeRE("?td[^>]*>", "", html)
            html = exeRE("?tbody[^>]*>", "", html)
         Case "CLASS"    ' 去除样式类class=""
            html = exeRE("(]+) class=[^ |^>]*([^>]*>)", "$1 $2", html)
         Case "STYLE"    ' 去除样式
            html = exeRE("(]+) [^""]*""([^>]*>)", "$1 $2", html)
            html = exeRE("(]+) style='[^']*'([^>]*>)", "$1 $2", html)
         Case "IMG"    ' 去除样式
            html = exeRE("?img[^>]*>", "", html)
         Case "XML"    ' 去除XML
            html = exeRE("]*>", "", html)
         Case "NAMESPACE" ' 去除命名空间>

>
            html = exeRE("]*>", "", html)
         Case "FONT"    ' 去除字体
            html = exeRE("?font[^>]*>", "", html)
            html = exeRE("?a[^>]*>", "", html)
            html = exeRE("?span[^>]*>", "", html)
            html = exeRE("?br[^>]*>", "", html)
         Case "MARQUEE"    ' 去除字幕
            html = exeRE("?marquee[^>]*>", "", html)
         Case "OBJECT"    ' 去除对象

            html = exeRE("?object[^>]*>", "", html)
            html = exeRE("?param[^>]*>", "", html)
            'html = exeRE("?embed[^>]*>", "", html)
         Case "EMBED"
            html =  exeRE("?embed[^>]*>", "", html)
         Case "DIV"    ' 去除对象

            html = exeRE("?div([^>])*>", "$1", html)
            html = exeRE("?p([^>])*>", "$1", html)
         Case "ONLOAD"    ' 去除样式
            html = exeRE("(]+) onload=""[^""]*""([^>]*>)", "$1 $2", html)
            html = exeRE("(]+) onload='[^']*'([^>]*>)", "$1 $2", html)
         Case "ONCLICK"    ' 去除样式
            html = exeRE("(]+) onclick=""[^""]*""([^>]*>)", "$1 $2", html)
            html = exeRE("(]+) onclick='[^']*'([^>]*>)", "$1 $2", html)
         Case "ONDBCLICK"    ' 去除样式
            html = exeRE("(]+) ondbclick=""[^""]*""([^>]*>)", "$1 $2", html)
            html = exeRE("(]+) ondbclick='[^']*'([^>]*>)", "$1 $2", html)

      End Select
   Next
   'html = Replace(html,"

'html = Replace(html,"

Stellungnahme：

Der Inhalt dieses Artikels wird freiwillig von Internetnutzern beigesteuert und das Urheberrecht liegt beim ursprünglichen Autor. Diese Website übernimmt keine entsprechende rechtliche Verantwortung. Wenn Sie Inhalte finden, bei denen der Verdacht eines Plagiats oder einer Rechtsverletzung besteht, wenden Sie sich bitte an admin@php.cn

Vorheriger Artikel：php get post传递数据安全问题_PHP教程Nächster Artikel：php 字符串检查类_PHP教程

In Verbindung stehende Artikel

Mehr sehen