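/**
 * Coarse request filter: reports whether the request URI contains one of a
 * small set of denylisted markers ('<', '"', or the string
 * CONTENT-TRANSFER-ENCODING).
 *
 * The URI is URL-decoded twice so that single- and double-encoded payloads
 * (e.g. "%253C") are compared in their literal form, then upper-cased so
 * the keyword comparison is case-insensitive. Input encoded more than twice
 * is not normalised by this function.
 *
 * Limits: only $_SERVER['REQUEST_URI'] is inspected (not the request body,
 * cookies or other headers), and the single quote and '>' are not on the
 * list. A denylist of this kind is a supplementary check; it does not
 * replace escaping output for the context it is written into
 * (e.g. htmlspecialchars() for HTML).
 *
 * @return bool true when a denylisted marker is present, false otherwise
 */
function isXss()
{
    // REQUEST_URI is not set under CLI and some SAPIs; treat that as an
    // empty URI instead of raising an undefined-index notice.
    $rawUri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';
    $decoded = strtoupper(urldecode(urldecode($rawUri)));

    // NOTE(review): the CONTENT-TRANSFER-ENCODING marker presumably targets
    // MIME/mail header injection rather than XSS; confirm with the callers.
    $markers = array('<', '"', 'CONTENT-TRANSFER-ENCODING');
    foreach ($markers as $marker) {
        if (strpos($decoded, $marker) !== false) {
            return true; // treated as an XSS attempt
        }
    }

    return false;
}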
// Screen the request URI before anything else is done with the request.
if (isXss() === true) {
    // Placeholder left by the author: handle the flagged request here
    // (for example, reject it and record the event for later review).
}