Home >Backend Development >PHP Tutorial >php defense against XSS attacks

php defense against XSS attacks

WBOY
WBOYOriginal
2016-07-25 09:01:051270browse
php防御XSS攻击,使用方法和详情看 http://www.tongqiong.com/read.php?tid-474.html
  1. function remove_xss($val) {
  2. // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
  3. // this prevents some character re-spacing such as
  4. // note that you have to handle splits with n, r, and t later since they *are* allowed in some inputs
  5. $val = preg_replace('/([x00-x08,x0b-x0c,x0e-x19])/', '', $val);
  6. // straight replacements, the user should never need these since they're normal characters
  7. // this prevents like
  8. $search = 'abcdefghijklmnopqrstuvwxyz';
  9. $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
  10. $search .= '1234567890!@#$%^&*()';
  11. $search .= '~`";:?+/={}[]-_|'\';
  12. for ($i = 0; $i < strlen($search); $i++) {
  13. // ;? matches the ;, which is optional
  14. // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars
  15. // @ @ search for the hex values
  16. $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
  17. // @ @ 0{0,7} matches '0' zero to seven times
  18. $val = preg_replace('/(?{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
  19. }
  20. //http://www.tongqiong.com
  21. // now the only remaining whitespace attacks are t, n, and r
  22. $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
  23. $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
  24. $ra = array_merge($ra1, $ra2);
  25. $found = true; // keep replacing as long as the previous round replaced something
  26. while ($found == true) {
  27. $val_before = $val;
  28. for ($i = 0; $i < sizeof($ra); $i++) {
  29. $pattern = '/';
  30. for ($j = 0; $j < strlen($ra[$i]); $j++) {
  31. if ($j > 0) {
  32. $pattern .= '(';
  33. $pattern .= '([xX]0{0,8}([9ab]);)';
  34. $pattern .= '|';
  35. $pattern .= '|(?{0,8}([9|10|13]);)';
  36. $pattern .= ')*';
  37. }
  38. $pattern .= $ra[$i][$j];
  39. }
  40. $pattern .= '/i';
  41. $replacement = substr($ra[$i], 0, 2).''.substr($ra[$i], 2); // add in <> to nerf the tag
  42. $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
  43. if ($val_before == $val) {
  44. // no replacements were made, so exit the loop
  45. $found = false;
  46. }
  47. }
  48. }
  49. return $val;
  50. }
复制代码


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn