php 恶意代码过滤函数
php 恶意代码过滤函数
Public Function DecodeFilter(html, filter)
html=LCase(html)
filter=split(filter,",")
For Each i In filter
Select Case i
Case "SCRIPT" ' 去除所有客户端脚本javascipt,vbscript,jscript,js,vbs,event,...
html = exeRE("(javascript|jscript|vbscript|vbs):", "#", html)
html = exeRE("</?script[^>]*>", "", html)
html = exeRE("on(mouse|exit|error|click|key)", "", html)
Case "TABLE": ' 去除表格<table><tr><td><th>
html = exeRE("</?table[^>]*>", "", html)
html = exeRE("</?tr[^>]*>", "", html)
html = exeRE("</?th[^>]*>", "", html)
html = exeRE("</?td[^>]*>", "", html)
html = exeRE("</?tbody[^>]*>", "", html)
Case "CLASS" ' 去除样式类class=""
html = exeRE("(<[^>]+) class=[^ |^>]*([^>]*>)", "$1 $2", html)
Case "STYLE" ' 去除样式style=""
html = exeRE("(<[^>]+) style=""[^""]*""([^>]*>)", "$1 $2", html)
html = exeRE("(<[^>]+) style='[^']*'([^>]*>)", "$1 $2", html)
Case "IMG" ' 去除样式style=""
html = exeRE("</?img[^>]*>", "", html)
Case "XML" ' 去除XML<?xml>
html = exeRE("<\\?xml[^>]*>", "", html)
Case "NAMESPACE" ' 去除命名空间<o
></o>
html = exeRE("<\/?[a-z]+:[^>]*>", "", html)
Case "FONT" ' 去除字体<font></font>
html = exeRE("</?font[^>]*>", "", html)
html = exeRE("</?a[^>]*>", "", html)
html = exeRE("</?span[^>]*>", "", html)
html = exeRE("</?br[^>]*>", "", html)
Case "MARQUEE" ' 去除字幕<marquee></marquee>
html = exeRE("</?marquee[^>]*>", "", html)
Case "OBJECT" ' 去除对象<object><param><embed></object>
html = exeRE("</?object[^>]*>", "", html)
html = exeRE("</?param[^>]*>", "", html)
'html = exeRE("</?embed[^>]*>", "", html)
Case "EMBED"
html = exeRE("</?embed[^>]*>", "", html)
Case "DIV" ' 去除对象<object><param><embed></object>
html = exeRE("</?div([^>])*>", "$1", html)
html = exeRE("</?p([^>])*>", "$1", html)
Case "ONLOAD" ' 去除样式style=""
html = exeRE("(<[^>]+) onload=""[^""]*""([^>]*>)", "$1 $2", html)
html = exeRE("(<[^>]+) onload='[^']*'([^>]*>)", "$1 $2", html)
Case "ONCLICK" ' 去除样式style=""
html = exeRE("(<[^>]+) onclick=""[^""]*""([^>]*>)", "$1 $2", html)
html = exeRE("(<[^>]+) onclick='[^']*'([^>]*>)", "$1 $2", html)
Case "ONDBCLICK" ' 去除样式style=""
html = exeRE("(<[^>]+) ondbclick=""[^""]*""([^>]*>)", "$1 $2", html)
html = exeRE("(<[^>]+) ondbclick='[^']*'([^>]*>)", "$1 $2", html)
End Select
Next
'html = Replace(html,"<table","<")
'html = Replace(html,"<tr","<")
'html = Replace(html,"<td","<")
DecodeFilter = html
End Function
补充:Php教程,Php安全
