Posted by nicolaspar on 12/27/06

PHP - Sacar XSS (Remove XSS)


Published in: PHP 






<?php
// Strips non-printable control characters (keeping tab, LF and CR), decodes numeric
// entities for printable ASCII, then neutralises blacklisted tag names, the
// javascript:/vbscript: schemes and on* event handlers by inserting "<x>" after
// their second letter (e.g. "javascript" -> "ja<x>vascript").
// Caveat: this is a blacklist. Any tag or handler name missing from $ra1/$ra2 passes
// through untouched, and ordinary words such as "title" or "link" get mangled.
function sacarXss($val) {
    // One character class. The original used three consecutive classes, which only
    // matched three adjacent control characters and therefore almost never fired.
    $val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $val);

    // Decode hex (&#x41;) and decimal (&#65;) entities for every printable character
    // an attacker might use to hide a keyword from the checks below.
    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';
    $search .= '~`";:?+/={}[]-_|\'\\';
    for ($i = 0; $i < strlen($search); $i++) {
        // The original's "[x|X]" also matched "&#|41;"; with /i a plain x is enough.
        $val = preg_replace('/(&#x0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // hex, optional ;
        $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val);            // decimal, optional ;
    }

    $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
    $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
    $ra = array_merge($ra1, $ra2);

    // Keep running passes as long as the previous pass changed something. (The original
    // tested this inside the inner loop, so the decision depended on the first keyword only.)
    do {
        $val_before = $val;
        for ($i = 0; $i < count($ra); $i++) {
            // Build a pattern that tolerates an encoded tab/LF/VT/CR between the letters,
            // e.g. "jav&#x09;ascript". The original's [9][a][b] and [9][10][13] classes
            // required the literal sequences "9ab" and "9", "1|0", "1|3" instead.
            $pattern = '/';
            for ($j = 0; $j < strlen($ra[$i]); $j++) {
                if ($j > 0) {
                    $pattern .= '(';
                    $pattern .= '(&#x0{0,8}[9abd];?)?';
                    $pattern .= '|(&#0{0,8}(9|10|11|13);?)?';
                    $pattern .= ')?';
                }
                $pattern .= $ra[$i][$j];
            }
            $pattern .= '/i';
            // Insert <x> after the second letter so the browser no longer recognises the word.
            $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2);
            $val = preg_replace($pattern, $replacement, $val);
        }
    } while ($val_before != $val);
    return $val;
}

// "script" is in the list as well, so it is matched a second time inside the
// already mangled "ja<x>vascript".
echo sacarXss("testeando javascript:alert('hola');");
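As an added example (not part of the original snippet or its author's code), here is what a practitioner would use in place of this blacklist: encode at output time for the context the value lands in, and allow-list the URL scheme. The snippet's $ra2 list has no entry for ontoggle (nor, for instance, oninput or onwheel), so the text `<details open ontoggle=alert(1)>` passes through sacarXss() unchanged, whereas output encoding neutralises it without having to know the handler name. The functions encodeHtml, safeUrl and renderLink and the sample payloads are this example's own.

```php
<?php
// Added example, not part of the original snippet: instead of blacklisting tag and
// handler names on input, encode at output for the context the value lands in.
// The function names and the sample inputs below are this example's own.

/** Escape a value for HTML text content or a double-quoted attribute. */
function encodeHtml(string $val): string
{
    return htmlspecialchars($val, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Allow-list the scheme of an href/src value. Returns '#' for any scheme other
 * than http, https or mailto; a URL without a scheme (relative) is allowed.
 * Entities are decoded and C0 controls dropped before the check because a
 * browser does the same before it reads the scheme, so "java\tscript:" and
 * "&#106;avascript:" must be judged as "javascript:".
 */
function safeUrl(string $url): string
{
    $decoded = html_entity_decode($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $probe   = ltrim(preg_replace('/[\x00-\x1f\x7f]+/', '', $decoded));
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $probe, $m)
        && !in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true)) {
        return '#';
    }
    // Emit the same string that was checked, attribute-encoded.
    return encodeHtml($decoded);
}

/** Build an anchor from an untrusted href and untrusted link text. */
function renderLink(string $href, string $text): string
{
    return '<a href="' . safeUrl($href) . '">' . encodeHtml($text) . '</a>';
}

// Constructed sample inputs (not from the original page). The second one uses an
// event handler, ontoggle, that is absent from the snippet's $ra2 list, so
// sacarXss() would leave it untouched; encoding renders it as literal text.
$samples = [
    ["javascript:alert('hola')",  'click me'],
    ['/perfil?id=42',             '<details open ontoggle=alert(1)>'],
    ["java\tscript:alert(1)",     'tab-split scheme'],
    ['&#106;avascript:alert(1)',  'entity-encoded scheme'],
];

foreach ($samples as [$href, $text]) {
    echo renderLink($href, $text), "\n";
}
```

Run it with `php example.php`. The first, third and fourth hrefs all end up as `#`, because the scheme check sees the URL the way a browser will after decoding entities and ignoring control characters; the second link keeps its relative path, and its text comes out as an escaped `&lt;details ...&gt;` that the browser displays rather than parses. Nothing here needs to know which tag or handler names exist, which is the property the blacklist above cannot offer.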
