码迷,mamicode.com
首页 > 其他好文 > 详细

XSS攻击

时间:2015-09-23 19:07:05      阅读:131      评论:0      收藏:0      [点我收藏+]

标签:

什么是XSS?

http://www.cnblogs.com/bangerlee/archive/2013/04/06/3002142.html

XSS攻击及防御?

http://blog.csdn.net/ghsau/article/details/17027893

<?PHP
/**
 * @blog http://www.phpddt.com
 * @param $string
 * @param $low 安全别级低
 */
function clean_xss(&$string, $low = False)
{
    if (! is_array ( $string ))
    {
        $string = trim ( $string );
        $string = strip_tags ( $string );
        $string = htmlspecialchars ( $string );
        if ($low)
        {
            return True;
        }
        $string = str_replace ( array (‘"‘, "\\", "‘", "/", "..", "../", "./", "//" ), ‘‘, $string );
        $no = ‘/%0[0-8bcef]/‘;
        $string = preg_replace ( $no, ‘‘, $string );
        $no = ‘/%1[0-9a-f]/‘;
        $string = preg_replace ( $no, ‘‘, $string );
        $no = ‘/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S‘;
        $string = preg_replace ( $no, ‘‘, $string );
        return True;
    }
    $keys = array_keys ( $string );
    foreach ( $keys as $key )
    {
        clean_xss ( $string [$key] );
    }
}
//just a test
$str = ‘phpddt.com<meta http-equiv="refresh" content="0;">‘;
clean_xss($str); //如果你把这个注释掉,你就知道xss攻击的厉害了
echo $str;
?>

 

XSS攻击

标签:

原文地址:http://www.cnblogs.com/liuwei9002/p/4832610.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!