建站云服务器的php如何过滤xss攻击

发布人：欢子发布时间：2026-01-21 15:02 阅读量：9

建站云服务器的php过滤xss攻击的示例：

在对应的php文件中添加以下代码：

functionRemoveXSS($val){

//removeallnon-printablecharacters.CR(0a)andLF(0b)andTAB(9)areallowed

//thispreventssomecharacterre-spacingsuchas

//notethatyouhavetohandlesplitswith\n,\r,and\tlatersincethey*are*allowedinsomeinputs

$val=preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/','',$val);

//straightreplacements,theusershouldneverneedthesesincethey'renormalcharacters

//thispreventslike

$search='abcdefghijklmnopqrstuvwxyz';

$search.='ABCDEFGHIJKLMNOPQRSTUVWXYZ';

$search.='1234567890!@#$%^&*()';

$search.='~`";:?+/={}[]-_|\'\\';

for($i=0;$i

//;?matchesthe;,whichisoptional

//0{0,7}matchesanypaddedzeros,whichareoptionalandgoupto8chars

//@@searchforthehexvalues

$val=preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i',$search[$i],$val);//witha;

//@@0{0,7}matches'0'zerotoseventimes

$val=preg_replace('/(�{0,8}'.ord($search[$i]).';?)/',$search[$i],$val);//witha;

}

//nowtheonlyremainingwhitespaceattacksare\t,\n,and\r

$ra1=Array('javascript','vbscript','expression','applet','meta','xml','blink','link','style','script','embed','object','iframe','frame','frameset','ilayer','layer','bgsound','title','base');

$ra2=Array('onabort','onactivate','onafterprint','onafterupdate','onbeforeactivate','onbeforecopy','onbeforecut','onbeforedeactivate','onbeforeeditfocus','onbeforepaste','onbeforeprint','onbeforeunload','onbeforeupdate','onblur','onbounce','oncellchange','onchange','onclick','oncontextmenu','oncontrolselect','oncopy','oncut','ondataavailable','ondatasetchanged','ondatasetcomplete','ondblclick','ondeactivate','ondrag','ondragend','ondragenter','ondragleave','ondragover','ondragstart','ondrop','onerror','onerrorupdate','onfilterchange','onfinish','onfocus','onfocusin','onfocusout','onhelp','onkeydown','onkeypress','onkeyup','onlayoutcomplete','onload','onlosecapture','onmousedown','onmouseenter','onmouseleave','onmousemove','onmouseout','onmouseover','onmouseup','onmousewheel','onmove','onmoveend','onmovestart','onpaste','onpropertychange','onreadystatechange','onreset','onresize','onresizeend','onresizestart','onrowenter','onrowexit','onrowsdelete','onrowsinserted','onscroll','onselect','onselectionchange','onselectstart','onstart','onstop','onsubmit','onunload');

$ra=array_merge($ra1,$ra2);

$found=true;//keepreplacingaslongasthepreviousroundreplacedsomething

while($found==true){

$val_before=$val;

for($i=0;$i

$pattern='/';

for($j=0;$j

if($j>0){

$pattern.='(';

$pattern.='(&#[xX]0{0,8}([9ab]);)';

$pattern.='|';

$pattern.='|(�{0,8}([9|10|13]);)';