PHP技巧:過濾在線編輯器產生的不安全html代碼_PHP教程
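<?php
/**
 * Filter unsafe HTML produced by an online editor.
 *
 * Denial-list filter: strips <script>, <form>, <frame>/<iframe>, on* event
 * handler attributes and javascript:/vbscript:/expression() values from the
 * editor's output. A denial list only catches the forms it knows about, so
 * where the result is shown to other users it belongs behind an
 * allowlist-based HTML sanitizer, not in place of one.
 *
 * Differences from the listing as published on this page:
 *  - the listing had lost its "$" sigils and the backslashes of its regular
 *    expressions (e.g. "/s+/" for "/\s+/"); both are restored;
 *  - the /e modifier (PHP evaluates the replacement string as code with the
 *    captured text substituted in; removed in PHP 7.0) is replaced by
 *    preg_replace_callback(), which needs PHP 5.3+ for the closure;
 *  - back-references are written as '$2' in single quotes, because in a
 *    double-quoted PHP string "\2" is the octal escape for chr(2);
 *  - the protected tag list is lowercase, because the input is lowercased
 *    before it is applied (mixed-case entries such as "<baseFont" never
 *    matched, so "<basefont ...>" was mangled by the on* regex);
 *  - an unclosed <frame>/<iframe> tag is removed too, not only closed pairs;
 *  - the javascript:/vbscript: alternative accepts a leading quote and the
 *    ":" after the scheme, so a quoted href="javascript:..." value is
 *    rewritten as well (as published it only matched the bare word
 *    "javascript" followed directly by a space, ">" or "/");
 *  - the trailing str_replace("&", "&", ...) was a no-op as published
 *    (presumably an entity rewrite lost in extraction) and is dropped.
 *
 * Original header (translated):
 * PHP versions 4 and 5
 * @copyright No rights reserved; distribute freely.
 * @link http://www.52sunny.net
 * @name html filter
 * @version v 0.0.10
 * @author Lucklrj (sunny_lrj@yeah.net,qq:7691272)
 * @lastmodified 2006-06-09 10:42 (Tue, 2006-06-09)
 * @notice This version only filters JS, frames and forms.
 *         The author's ability is limited; the author accepts no
 *         responsibility for security problems arising from use of this
 *         program. E-mail feedback is welcome.
 */

/**
 * Strip scripts, forms, frames, on* handlers and script URLs from an HTML
 * fragment.
 *
 * @param string $str HTML fragment from the editor (any case, any whitespace).
 * @return string The filtered fragment, lowercased, with every run of
 *                whitespace collapsed to a single space.
 */
function filter_unsafe_html($str)
{
    /* Tag-name fragments that contain "on" (f-on-t, butt-on, str-on-g, ...).
       Step 2 below uppercases them so the on* attribute regex in step 3 does
       not eat them; the final strtolower() restores them. Entries are
       lowercase because the input has already been lowercased. */
    $htm_on = array(
        '<acronym', 'acronym>',
        '<basefont', 'basefont>',
        '<button', 'button>',
        '<caption', 'caption>',
        '<clientinformation', 'clientinformation>',
        '<font', 'font>',
        '<implementation', 'implementation>',
        '<location', 'location>',
        '<option', 'option>',
        '<selection', 'selection>',
        '<strong', 'strong>',
    );
    $htm_on_upper = array_map('strtoupper', $htm_on);

    /* Normalise case and whitespace: every run of whitespace (including line
       breaks) becomes one space, so the regexes below can use a plain " ". */
    $str = strtolower($str);
    $str = preg_replace('/\s+/', ' ', $str);

    /* Scripts: closed <script>...</script> first, then any unclosed <script ...>. */
    $str = preg_replace('/<(script.*?)>(.*?)<(\/script.*?)>/si', '', $str);
    $str = preg_replace('/<(script.*?)>/si', '', $str);

    /* Forms: opening and closing tags. */
    $str = preg_replace('/<(\/?form.*?)>/si', '', $str);

    /* Frames: closed <frame>/<iframe> pairs with their content, then any
       unclosed or stray frame tag (browsers still render an unclosed <iframe ...>). */
    $str = preg_replace('/<(i?frame.*?)>(.*?)<(\/i?frame.*?)>/si', '', $str);
    $str = preg_replace('/<(\/?i?frame.*?)>/si', '', $str);

    /* on* event handlers.
       Step 1: uppercase href values so an "on" inside a URL survives step 3
       (the value is lowercased again at the end). */
    $str = preg_replace_callback(
        '/href=(.+?)(["\'| >])/i',
        function ($m) {
            return 'href=' . strtoupper($m[1]) . $m[2];
        },
        $str
    );
    /* Step 2: uppercase the tag names that contain "on". */
    $str = str_replace($htm_on, $htm_on_upper, $str);
    /* Step 3: drop "on..." up to the next space, "|" or ">". This is blunt:
       a lowercase word starting with "on" in text content (e.g. "once ") is
       removed as well, as in the original. */
    $str = preg_replace('/(on[^ .<>]+?)([ |>])/s', '$2', $str);

    /* Script URLs and CSS expressions in URL-bearing attributes: the value
       is replaced by '#'. The first alternative also matches "word.word"
       values such as url(123.offsetWidth); as a side effect it rewrites
       ordinary dotted URLs such as src='a.jpg' too — behaviour kept from the
       original, confirm before relying on it. */
    $str = preg_replace(
        '/(href|src|background|url|dynsrc|expression|codebase)[=:(][ "\']*?(\w+\..*?|(?:javascript|vbscript):[^>]*?)(\))?([ >\/])/si',
        '$1=\'#\' $3$4',
        $str
    );

    /* Undo the case tricks of steps 1 and 2. */
    return strtolower($str);
}

/* Demo input from the original page. */
$str = "<tr><td bgcolor='#FFFFFF'>
<div style='url(123.offsetWidth)>";
//$str = "url(javascript:x)";
echo filter_unsafe_html($str);
?>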
// NOTE(review): a second, verbatim copy of the listing above. It follows the
// "?>" on the preceding line and has no "<?php" open tag of its own, so it is
// not executed as PHP where it stands. As published the listing has lost its
// "$" variable sigils and the backslashes in its regular expressions
// (e.g. "/s+/" for "/\s+/"), so it does not parse as-is; code left untouched.
/**
 * Filter unsafe HTML produced by an online editor.
 *
 * PHP versions 4 and 5
 *
 * @copyright No rights reserved; distribute freely.
 * @link http://www.52sunny.net
 * @name html filter
 * @version v 0.0.10
 * @author Lucklrj (sunny_lrj@yeah.net,qq:7691272)
 * @lastmodified 2006-06-09 10:42 (Tue, 2006-06-09)
 * @notice This version only filters JS, frames and forms.
 * The author's ability is limited; the author accepts no responsibility for
 * any security problem arising from use of this program.
 * E-mail feedback is welcome.
 */ str="<tr><td bgcolor='#FFFFFF'>
<div style='url(123.offsetWidth)>";
//str="url(javascript:x)";
/*Tags that must not be filtered: each name contains "on"; presumably they are
  uppercased below so the on-event regex leaves them alone. NOTE(review): the
  input is lowercased first, so the mixed-case entries (baseFont,
  clientInformation) can never match; <button appears twice.*/
htm_on=array(
"<acronym","acronym>",
"<baseFont","baseFont>",
"<button","button>",
"<caption","caption>",
"<clientInformation","clientInformation>",
"<font","font>",
"<implementation","implementation>",
"<button","button>",
"<location","location>",
"<option","option>",
"<selection","selection>",
"<strong","strong>");
/*Uppercase counterparts, same order.*/
htm_on_uper=array(
"<ACRONYM","ACRONYM>",
"<BASEFONT","BASEFONT>",
"<BUTTON","BUTTON>",
"<CAPTION","CAPTION>",
"<CLIENTINFORMATION","CLIENTINFORMATION>",
"<FONT","FONT>",
"<IMPLEMENTATION","IMPLEMENTATION>",
"<BUTTON","BUTTON>",
"<LOCATION","LOCATION>",
"<OPTION","OPTION>",
"<SELECTION","SELECTION>",
"<STRONG","STRONG>");
/*Character formatting*/
str=strtolower(str);
str=preg_replace("/s+/", " ", str);//strip line breaks (as published "/s+/" should read "/\s+/")
str=preg_replace("/ +/", " ", str);//collapse multiple spaces
/*Filter/replace several forms of JS*/
str=preg_replace("/<(script.*?)>(.*?)<(/script.*?)>/si","",str);//delete the <script>...</script> form
//str=preg_replace("/<(script.*?)>(.*?)<(/script.*?)>/si","<\1>\2<\3>",str);//alternative: replace with a displayable form
str=preg_replace("/<(script.*?)>/si","",str);//delete an unclosed <script>
//str=preg_replace("/<(script.*?)>/si","<\1>",str);//alternative: replace the unclosed tag
/*Delete/replace forms*/
str=preg_replace("/<(/?form.*?)>/si","",str);//delete forms
//str=preg_replace("/<(/?form.*?)>/si","<\1>",str);//alternative: replace forms
str=preg_replace("/<(i?frame.*?)>(.*?)<(/i?frame.*?)>/si","",str);//delete frames (closed pairs only; an unclosed <iframe ...> is left in place)
//str=preg_replace("/<(i?frame.*?)>(.*?)<(/i?frame.*?)>/si","<\1>\2<\3>",str);//alternative: replace frames
/*Filter on-events*/
str=preg_replace("/href=(.+?)(["|'| |>])/ie","'href='.strtoupper('\1').'\2'",str);//uppercase the href= value so an "on" inside it survives the next step. NOTE(review): the /e modifier evaluates the replacement as PHP code with the captured text substituted in; it was removed in PHP 7.0 — preg_replace_callback() is the replacement. In a double-quoted string "\1"/"\2" are octal escapes, not back-references.
str=str_replace(htm_on,htm_on_uper,str);//uppercase <font, font> etc.: DHTML tag names containing "on"; a regex test was judged too fiddly, so a conversion is used instead.
str=preg_replace("/(on[^ .<>]+?)([ |>])/s","\2",str);//strip on-events: "on" up to the next space, "|" or ">"
/*Filter JS in hyperlinks*/
str=preg_replace("/(href|src|background|url|dynsrc|expression|codebase)[=:(]([ "']*?w+..*?|javascript|vbscript:[^>]*?)()?)([ >/])/si","\1='#' \3\4",str);//rewrite href=javascript: (and the other listed attributes) to '#'
//back to lowercase
str=strtolower(str);
str=str_replace("&","&",str);// NOTE(review): a no-op as published; presumably an entity rewrite lost in extraction.
echo str;
?>