

php函数防止xss攻击,xss过滤代码

 function remove_xss($html) {

$text = str_replace("\r","\n",$html);
$text = preg_replace("/\t+/", ' ', $text);
$text = preg_replace("/\n+/","[^N$]",$text);
$text = preg_replace("/<script([^>]*)>(.*?)<\/script>/is", '', $text);
$text = preg_replace("/<style([^>]*)>(.*?)<\/style>/is", '', $text);
$text = preg_replace("/<head([^>]*)>(.*?)<\/head>/is", '', $text);
$text = preg_replace("/<!--(.*?)-->/is", '', $text);
//$text = @strip_tags($text,'<img>');
$text = @strip_tags($text,'<img><p><br><blockquote>');
//$text = preg_replace("/<\/?([a-z0-9_\-]+)([^>]*)>/is", '', $text);
$text = preg_replace("/\s+/", ' ', $text);
$text = str_replace("[^N$]","\n",$text);
$text = preg_replace("/\n+/","\n",$text);
$text = str_ireplace('&nbsp;',' ',$text);
//$text = str_replace(array('&amp;', '&quot;', '&lt;', '&gt;'), array('&', '"', '<', '>'), $text);
$text = @html_entity_decode($text,ENT_NOQUOTES,'UTF-8');
//$text = str_replace(array('<','>'),array('&lt;','&gt;'),$text);
$txt = array();
foreach ( explode("\n",trim($text)) AS $line ) {
$line = trim(preg_replace(array("/^\s+/","/\s+$/","/ +/"),'',trim($line)));
if ( $line !== '' ) {
$txt[] = $line;
}
}
unset($text);
return implode("\r\n",$txt);
}