过滤在线编辑器产生的不安全html代码.

最新推荐文章于 2021-07-16 18:27:32 发布

wssxy

最新推荐文章于 2021-07-16 18:27:32 发布

阅读量238

点赞数

文章标签： javascript php ViewUI

<? php

/* *

*过滤在线编辑器产生的不安全html代码.

*

*PHPversions4and5

*

*@copyright版权所无，任意传播.

*@linkhttp://www.52sunny.net

*@namehtml过滤

*@versionv0.0.10

*@authorLucklrj(sunny_lrj@yeah.net,qq:7691272)

*@lastmodified2006-06-0910:42(Tue,2006-06-09)

*@notice此版本只过滤js,框架，表单。

作者能力有限，使用本程序若产生任何安全问题，与本人无关。

欢迎来信与我交流。

*/

$str = " <tr><tdbgcolor='#FFFFFF'>

<divstyle='url(123.offsetWidth)> " ;

// $str="url(javascript:x)";

/* 不需要过滤的数组 */

$htm_on = array (

" <acronym " , " acronym> " ,

" <baseFont " , " baseFont> " ,

" <button " , " button> " ,

" <caption " , " caption> " ,

" <clientInformation " , " clientInformation> " ,

" <font " , " font> " ,

" <implementation " , " implementation> " ,

" <button " , " button> " ,

" <location " , " location> " ,

" <option " , " option> " ,

" <selection " , " selection> " ,

" <strong " , " strong> " );

$htm_on_uper = array (

" <ACRONYM " , " ACRONYM> " ,

" <BASEFONT " , " BASEFONT> " ,

" <BUTTON " , " BUTTON> " ,

" <CAPTION " , " CAPTION> " ,

" <CLIENTINFORMATION " , " CLIENTINFORMATION> " ,

" <FONT " , " FONT> " ,

" <IMPLEMENTATION " , " IMPLEMENTATION> " ,

" <BUTTON " , " BUTTON> " ,

" <LOCATION " , " LOCATION> " ,

" <OPTION " , " OPTION> " ,

" <SELECTION " , " SELECTION> " ,

" <STRONG " , " STRONG> " );

/* 字符格式 */

$str = strtolower ( $str );

$str = preg_replace ( " /s+/ " , " " , $str ); // 过滤回车

$str = preg_replace ( " /+/ " , " " , $str ); // 过滤多个空格

/* 过滤/替换几种形式的js */

$str = preg_replace ( " /<(script.*?)>(.*?)<(/script.*?)>/si " , "" , $str ); // 删除<script>。。。</script>格式，

//$str=preg_replace("/<(script.*?)>(.*?)<(/script.*?)>/si","</1>/2</3>",$str);//替换为可以显示的，

$str = preg_replace ( " /<(script.*?)>/si " , "" , $str ); // 删除<script>未封闭

//$str=preg_replace("/<(script.*?)>/si","</1>",$str);//替换未封闭

/* 删除/替换表单 */

$str = preg_replace ( " /<(/?form.*?)>/si " , "" , $str ); // 删除表单

//$str=preg_replace("/<(/?form.*?)>/si","</1>",$str);//替换表单

$str = preg_replace ( " /<(i?frame.*?)>(.*?)<(/i?frame.*?)>/si " , "" , $str ); // 删除框架

//$str=preg_replace("/<(i?frame.*?)>(.*?)<(/i?frame.*?)>/si","</1>/2</3>",$str);//替换框架

/* 过滤on事件 */

$str = preg_replace ( " /href=(.+?)(["|'||>])/ie " , " 'href='.strtoupper('/1').'/2' " , $str ); // 把href=涉及到的on转换为大写。

$str = str_replace ( $htm_on , $htm_on_uper , $str ); // 把<font,font>换为大写,dhtml标签字符，正则判断太烦琐，采用转换办法。

$str = preg_replace ( " /(on[^.<>]+?)([|>])/s " , " /2 " , $str ); // 取掉on事件

/* 过滤超级连接的js */

$str = preg_replace ( " /(href|src|background|url|dynsrc|expression|codebase)[=:(](["']*?w+..*?|javascript|vbscript:[^>]*?)()?)([>/])/si " , " /1='#'/3/4 " , $str ); // 取掉href=javascript:

//返回小写字符

$str = strtolower ( $str );

$str = str_replace ( " & " , " & " , $str );

echo $str ;

?>

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
复制链接

分享到 QQ

分享到新浪微博

扫一扫

评论

被折叠的条评论为什么被折叠?

到【灌水乐园】发言

查看更多评论

添加红包

成就一亿技术人!

hope_wisdom

发出的红包

实付元

使用余额支付

点击重新获取

扫码支付

钱包余额 0

抵扣说明：

1.余额是钱包充值的虚拟货币，按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载，可以购买VIP、付费专栏及课程。