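This article introduces PHP methods for filtering illegal characters and special strings, for anyone who needs them as a reference.
Several functions are provided that filter illegal strings and special strings.
Code: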
'),array('','?>'),$html);
$pattern=array(
"''si",
"''si",
"']*?>'si",
"''si",
"']*?>'si"
);
$replace=array("","","","","");
return preg_replace($pattern,$replace,$html);
}
/* Remove JS/CSS/IFRAME/FRAME: filters JS/CSS/IFRAME/FRAME/XSS and other malicious attack code (safe to use)
* Return string
*/
function cleanJsCss($html){
$html=trim($html);
$html=preg_replace('/\0+/', '', $html);
$html=preg_replace('/(\\\\0)+/', '', $html);
$html=preg_replace('#(&\#*\w+)[\x00-\x20]+;#u',"\\1;",$html);
$html=preg_replace('#(&\#x*)([0-9A-F]+);*#iu',"\\1\\2;",$html);
$html=preg_replace("/%u0([a-z0-9]{3})/i", "\\1;", $html);
$html=preg_replace("/%([a-z0-9]{2})/i", "\\1;", $html);
$html=str_replace(array('','?>'),array('','?>'),$html);
$html=preg_replace('#\t+#',' ',$html);
$scripts=array('javascript','vbscript','script','applet','alert','document','write','cookie','window');
foreach($scripts as $script){
$temp_str="";
for($i=0;$i#si", "", $html);
$html=preg_replace("##si", "", $html);
$html=preg_replace('#(]*?)(onblur|onchange|onclick|onfocus|onload|onmouseover|onmouseup|onmousedown|onselect|onsubmit|onunload|onkeypress|onkeydown|onkeyup|onresize)[^>]*>#is',"\\1>",$html);
//$html=preg_replace('#]*)>#is', "", $html);
$html=preg_replace('#]*)>#is', "", $html);
$html=preg_replace('#(alert|cmd|passthru|eval|exec|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si',
"\\1\\2(\\3)", $html);
$bad=array(
'document.cookie' => '',
'document.write' => '',
'window.location' => '',
"javascript\s*:" => '',
"Redirect\s+302" => '',
'' => '-->'
);
foreach ($bad as $key=>$val){
$html=preg_replace("#".$key."#i",$val,$html);
}
return $html;
}
// Filter HTML tags and sensitive characters
function cleanHtml($html){
return cleanYellow(htmlspecialchars($html));
}
// Filter some HTML tags
function cleanFilter($html){
$html=trim($html);
$html=preg_replace("/]*?>/is","
",$html);
$html=preg_replace("/
]*?>/is"," ",$html);
$html=preg_replace("/ ]*?>/is","",$html);
$html=preg_replace("/- ]*?>/is","
- ",$html);
$html=preg_replace("/]*?/is","",$html);
$html=preg_replace("/]*?>(.*)?/is","\$发达",$html);
$html=preg_replace("/
]*?>/is","",$html);
$html=preg_replace("/]*?>/is","
",$html);
$html=preg_replace("/]*?>/is"," |
",$html);
$html=preg_replace("/]*?>/is","",$html);
$html=preg_replace("/
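The cleanHtml() function above relies on htmlspecialchars(), while cleanJsCss() and cleanFilter() strip listed tags and keywords. As an added example (not code from the original article), the following shows encoding untrusted text at output time for HTML body and quoted-attribute contexts, plus a scheme allowlist for link targets. The helper names encodeForHtml() and safeHref() and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not from the original article.
// encodeForHtml() and safeHref() are hypothetical helper names.

// Encode untrusted text for an HTML body or a quoted attribute value.
function encodeForHtml(string $text): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid
    // UTF-8 with U+FFFD instead of returning an empty string.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Return a value that is safe to place inside href="...".
// Only http, https and mailto schemes (or scheme-less URLs) are accepted.
function safeHref(string $url): string
{
    // Browsers strip tabs/newlines from URLs and trim leading control
    // characters before parsing the scheme, so remove all control
    // characters and whitespace before the scheme is inspected.
    $clean = preg_replace('/[\x00-\x20\x7f]+/', '', $url);
    if ($clean === null || $clean === '') {
        return '#';
    }
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $clean, $m) === 1
        && !in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true)) {
        return '#'; // scheme present but not on the allowlist
    }
    return encodeForHtml($clean);
}

// Constructed sample inputs (not taken from the article).
$comment = '<script>alert(1)</script> "quoted" & \'single\'';
$links = [
    'https://example.com/?a=1&b=2',
    ' JavaScript:alert(1)',
    '/relative/path',
];

echo '<p>', encodeForHtml($comment), "</p>\n";
foreach ($links as $link) {
    echo '<a href="', safeHref($link), '">link</a>', "\n";
}
```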