男人吃奶摸下挵进去好爽,日日躁夜夜躁狠狠躁,freesexvide0s性欧美高清,高清freexxxx性国产,无码人妻一区二区三区一,乱人伦中文字幕成人网站在线,亚洲欧美综合一区二区三区 ,神马影院在线视频观看
知識(shí)學(xué)堂
  • ·聯(lián)系電話:+86.023-75585550
  • ·聯(lián)系傳真:+86.023-75585550
  • ·24小時(shí)手機(jī):13896886023
  • ·QQ 咨 詢:361652718 513960520
當(dāng)前位置 > 首頁 > 知識(shí)學(xué)堂 > 常見技術(shù)問題
過濾XSS攻擊的函數(shù)
更新時(shí)間:2012-10-10 | 發(fā)布人:本站 | 點(diǎn)擊率:3130
XSS攻擊在最近很是流行,往往在某段代碼里一不小心就會(huì)被人放上XSS攻擊的代碼,看到國外有人寫上了函數(shù),咱也偷偷懶,悄悄的貼上來。。。

原文如下:
The goal of this function is to be a generic function that can be used to parse almost any input and render it XSS safe. For more information on actual XSS attacks, check out http://ha.ckers.org/xss.html. Another excellent site is the XSS Database which details each attack and how it works.

PHP代碼
<?php  
function RemoveXSS($val) {  
   // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed  
   // this prevents some character re-spacing such as <java/0script>  
   // note that you have to handle splits with /n, /r, and /t later since they *are* allowed in some inputs  
   $val = preg_replace(‘/([/x00-/x08,/x0b-/x0c,/x0e-/x19])/’, ”, $val);  
     
   // straight replacements, the user should never need these since they’re normal characters  
   // this prevents like <IMG SRC=@avascript:alert(‘XSS’)>  
   $search = ‘a(chǎn)bcdefghijklmnopqrstuvwxyz’; 
   $search .= ‘ABCDEFGHIJKLMNOPQRSTUVWXYZ’;  
   $search .= ’1234567890!@#$%^&*()’; 
   $search .= ‘~`”;:?+/={}[]-_|/’//’; 
   for ($i = 0; $i < strlen($search); $i++) { 
      // ;? matches the ;, which is optional 
      // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars 
    
      // @ @ search for the hex values 
      $val = preg_replace(‘/(&#[xX]0{0,8}’.dechex(ord($search[$i])).’;?)/i’, $search[$i], $val); // with a ; 
      // @ @ 0{0,7} matches ’0′ zero to seven times  
      $val = preg_replace(‘/(&#0{0,8}’.ord($search[$i]).’;?)/’, $search[$i], $val); // with a ; 
   } 
    
   // now the only remaining whitespace attacks are /t, /n, and /r 
   $ra1 = Array(‘javascript’, ‘vbscript’, ‘expression’, ‘a(chǎn)pplet’, ‘meta’, ‘xml’, ‘blink’, ‘link’, ‘style’, ‘script’, ‘embed’, ‘object’, ‘iframe’, ‘frame’, ‘frameset’, ‘ilayer’, ‘layer’, ‘bgsound’, ‘title’, ‘base’); 
   $ra2 = Array(‘onabort’, ‘onactivate’, ‘onafterprint’, ‘onafterupdate’, ‘onbeforeactivate’, ‘onbeforecopy’, ‘onbeforecut’, ‘onbeforedeactivate’, ‘onbeforeeditfocus’, ‘onbeforepaste’, ‘onbeforeprint’, ‘onbeforeunload’, ‘onbeforeupdate’, ‘onblur’, ‘onbounce’, ‘oncellchange’, ‘onchange’, ‘onclick’, ‘oncontextmenu’, ‘oncontrolselect’, ‘oncopy’, ‘oncut’, ‘ondataavailable’, ‘ondatasetchanged’, ‘ondatasetcomplete’, ‘ondblclick’, ‘ondeactivate’, ‘ondrag’, ‘ondragend’, ‘ondragenter’, ‘ondragleave’, ‘ondragover’, ‘ondragstart’, ‘ondrop’, ‘onerror’, ‘onerrorupdate’, ‘onfilterchange’, ‘onfinish’, ‘onfocus’, ‘onfocusin’, ‘onfocusout’, ‘onhelp’, ‘onkeydown’, ‘onkeypress’, ‘onkeyup’, ‘onlayoutcomplete’, ‘onload’, ‘onlosecapture’, ‘onmousedown’, ‘onmouseenter’, ‘onmouseleave’, ‘onmousemove’, ‘onmouseout’, ‘onmouseover’, ‘onmouseup’, ‘onmousewheel’, ‘onmove’, ‘onmoveend’, ‘onmovestart’, ‘onpaste’, ‘onpropertychange’, ‘onreadystatechange’, ‘onreset’, ‘onresize’, ‘onresizeend’, ‘onresizestart’, ‘onrowenter’, ‘onrowexit’, ‘onrowsdelete’, ‘onrowsinserted’, ‘onscroll’, ‘onselect’, ‘onselectionchange’, ‘onselectstart’, ‘onstart’, ‘onstop’, ‘onsubmit’, ‘onunload’); $ra = array_merge($ra1, $ra2); 
    
   $found = true; // keep replacing as long as the previous round replaced something 
   while ($found == true) { 
      $val_before = $val; 
      for ($i = 0; $i < sizeof($ra); $i++) { 
         $pattern = ‘/’; 
         for ($j = 0; $j < strlen($ra[$i]); $j++) { 
            if ($j > 0) { 
               $pattern .= ‘(‘;  
               $pattern .= ‘(&#[xX]0{0,8}([9ab]);)’; 
               $pattern .= ‘|’;  
               $pattern .= ‘|(&#0{0,8}([9|10|13]);)’; 
               $pattern .= ‘)*’; 
            } 
            $pattern .= $ra[$i][$j]; 
         } 
         $pattern .= ‘/i’;  
         $replacement = substr($ra[$i], 0, 2).’<x>’.substr($ra[$i], 2); // add in <> to nerf the tag  
         $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags  
         if ($val_before == $val) {  
            // no replacements were made, so exit the loop  
            $found = false;  
         }  
      }  
   }  
   return $val;  
}   
經(jīng)過這樣的過濾后,應(yīng)該被攻擊的機(jī)會(huì)會(huì)少上很多吧?試試看呢?

分享到: QQ空間 新浪微博 開心網(wǎng) 人人網(wǎng)
主站蜘蛛池模板: 亚洲天堂男人影院| 国产免费一区二区三区不卡| 国产肥白大熟妇bbbb视频| 国产精品毛片在线完整版| 久久久久人妻精品一区三寸| 国产国语对白露脸正在播放| 亚洲日韩中文无码久久| 国产三级a在线观看| 99久热re在线精品99 6热视频| 国产精品午夜福利视频234区| 久久久久国产精品免费免费搜索| 一本大道av伊人久久综合| 99久久久无码国产精品性| 超碰人人超碰人人| 在线观看日本亚洲一区| 综合一区无套内射中文字幕| 国产欧美精品另类又又久久| 久久女婷五月综合色啪小说| 久久久精品欧美一区二区免费| 美女裸体十八禁免费网站| 天天摸夜夜添狠狠添高潮出水 | 人人爽久久涩噜噜噜av| 日韩亚洲欧美久久久www综合| 日本猛少妇色xxxxx猛叫| 国产高清在线精品一区二区三区| 日本妇人成熟免费中文字幕| 老外女人毛黑p大| 中国老妇xxxx性开放| 麻花豆传媒剧国产mv| 午夜性做爰电影| 中文成人无字幕乱码精品区| 国产欧美久久久精品影院| 亚洲小说图区综合在线| 麻花豆传媒剧国产mv| 中文成人无字幕乱码精品区| 最新亚洲av电影网站| 国产一区二区三区在线视頻| 国产爆乳无码一区二区麻豆| 内射人妻骚骚骚| 亚洲人成在久久综合网站| av天堂午夜精品一区|