php xss漏洞修复用到的一些函数

$text = '<p>"Test paragraph".</p><!-- Comment --> <a href="#fragment">Other text</a>';
echo html_entity_decode(htmlentities(strip_tags(stripslashes(addslashes($text))), ENT_QUOTES), ENT_QUOTES);
exit;
$pregs = '/select|insert|update|CR|document|LF|eval|delete|script|alert|\'|\/\*|\#|\--|\ --|\/|\*|\-|\+|\=|\~|\*@|\*!|\$|\%|\^|\&|\(|\)|\/|\/\/|\.\.\/|\.\/|union|into|load_file|outfile/';
$check= preg_match($pregs,'刘超');
if($check == 1){
  header("HTTP/1.0 404 Not Found");
  exit;
}

htmlentities

addslashes

strip_tags

防止页面html结构被破坏,防止xss漏洞,cookie会话信息被篡取利用

05-07 15:38