php xss temizleme

php xss temizleme çok kaliteli ve işe yarar.

javascriptle bulaşacak tüm zararlı kodları temizler

bu siteden tüm testleri yapabilirsiniz

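/**
 * Strip a fixed denylist of XSS vectors from a value, recursing into arrays and objects.
 *
 * The filter removes NULL bytes, normalises malformed HTML entities, drops
 * on* / xmlns attributes, neutralises javascript:, vbscript: and -moz-binding:
 * URLs, strips IE-only style expression()/behaviour()/script: values and
 * namespaced elements, and repeatedly removes a fixed set of dangerous tags.
 * It is a pattern-based denylist, so it cannot make a value safe for every
 * output context: escape at output time with htmlspecialchars() (or the
 * escaper for the target context) as the primary defence and treat this
 * function as defence in depth only.
 *
 * NOTE(review): the listing this was copied from had its regex escapes
 * stripped by the page's formatting (\w, \s, \x00, \( and the leading "<" of
 * the tag patterns were missing, and a stray literal "<br />" broke the
 * parse). The patterns below are the restored forms; they appear to follow
 * the Kohana 2.x Input::xss_clean default filter.
 *
 * @param string|array|object $str  Value to clean; arrays and objects are cleaned element by element.
 * @return string|array|object      Same shape as $str with every leaf cleaned (scalars come back as strings).
 */
function xss_clean($str)
{
    // Recurse into containers. Objects must be written back by property, not
    // by array offset, or PHP fails with "Cannot use object of type ... as array".
    if (is_array($str))
    {
        foreach ($str as $k => $s)
        {
            $str[$k] = xss_clean($s);
        }

        return $str;
    }

    if (is_object($str))
    {
        foreach ($str as $k => $s)
        {
            $str->$k = xss_clean($s);
        }

        return $str;
    }

    // Non-string scalars (ints, bools, null) are filtered in their string form.
    $str = (string) $str;

    // Remove all NULL bytes
    $str = str_replace("\0", '', $str);

    // Fix &entity\n;  — double-encode the three entities that html_entity_decode()
    // would otherwise turn into live markup, then close malformed numeric entities
    // so that entity-based obfuscation is normalised before the patterns run.
    $str = str_replace(array('&amp;', '&lt;', '&gt;'), array('&amp;amp;', '&amp;lt;', '&amp;gt;'), $str);
    $str = preg_replace('/(&#*\w+)[\x00-\x20]+;/u', '$1;', $str);
    $str = preg_replace('/(&#x*[0-9A-F]+);*/iu', '$1;', $str);
    $str = html_entity_decode($str, ENT_COMPAT, 'UTF-8');

    // Remove any attribute starting with "on" or xmlns
    $str = preg_replace('#(?:on[a-z]+|xmlns)\s*=\s*[\'"\x00-\x20]?[^\'>"]*[\'"\x00-\x20]?\s?#iu', '', $str);

    // Remove javascript: and vbscript: protocols (and -moz-binding). The
    // [\x00-\x20]* gaps between letters absorb whitespace/control characters
    // inserted to break up the keyword.
    $str = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2nojavascript...', $str);
    $str = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2novbscript...', $str);
    $str = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#u', '$1=$2nomozbinding...', $str);

    // Only works in IE: style="... expression(...)", behaviour(...) and script: values
    $str = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#is', '$1>', $str);
    $str = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#is', '$1>', $str);
    $str = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#ius', '$1>', $str);

    // Remove namespaced elements (we do not need them)
    $str = preg_replace('#</*\w+:\w[^>]*+>#i', '', $str);

    // Remove really unwanted tags. Loop until the string stops changing so a
    // tag that only becomes well-formed after an earlier removal is also caught.
    do
    {
        $old = $str;
        $str = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);
    }
    while ($old !== $str);

    return $str;
}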