function removeXSS($input) {
$patterns = array ();
$patterns [] = '/<script.*>.*<\/script>/siU';
$patterns [] = '/<iframe.*>.*<\/iframe>/siU';
$patterns [] = '/<input(.*submit.*)(\>|\/\>)/siUe';
$patterns [] = '/<form(.*action.*)>/siUe';
$patterns [] = '/on(abort|activate|afterprint|afterupdate|beforeactivate|beforecopy|beforecut|beforedeactivate|beforeeditfocus|beforepaste|beforeprint|beforeunload|beforeupdate|blur|bounce|cellchange|change|click|contextmenu|controlselect|copy|cut|dataavailable|datasetchanged|datasetcomplete|dblclick|deactivate|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|error|errorupdate|filterchange|finish|focus|focusin|focusout|help|keydown|keypress|keyup|layoutcomplete|load|losecapture|mousedown|mouseenter|mouseleave|mousemove|mouseout|mouseover|mouseup|mousewheel|move|moveend|movestart|paste|propertychange|readystatechange|reset|resize|resizeend|resizestart|rowenter|rowexit|rowsdelete|rowsinserted|scroll|select|selectionchange|selectstart|start|stop|submit|unload)\s*=\s*(\'|")[^"]*(\'|")/i';
$replacements = array ('', '', '', '', '' );
return preg_replace ( $patterns, $replacements, $input );
}
PHP防止XSS注入
最新推荐文章于 2024-07-01 11:05:25 发布