php 恶意代码过滤函数_PHP教程-tutorial php-php.cn

php 恶意代码过滤函数_PHP教程

WBOY

Lepaskan： 2016-07-13 17:09:20

asal

1119 orang telah melayarinya

php 恶意代码过滤函数

Public Function DecodeFilter(html, filter)
   html=LCase(html)
   filter=split(filter,",")
   For Each i In filter
      Select Case i
         Case "SCRIPT"    ' 去除所有客户端脚本javascipt,vbscript,jscript,js,vbs,event,...
            html = exeRE("(javascript|jscript|vbscript|vbs):", "#", html)
            html = exeRE("?script[^>]*>", "", html)
            html = exeRE("on(mouse|exit|error|click|key)", "", html)
         Case "TABLE":    ' 去除表格

'html = Replace(html," DecodeFilter = html
End Function

            html = exeRE("?table[^>]*>", "", html)
            html = exeRE("?tr[^>]*>", "", html)
            html = exeRE("?th[^>]*>", "", html)
            html = exeRE("?td[^>]*>", "", html)
            html = exeRE("?tbody[^>]*>", "", html)
         Case "CLASS"    ' 去除样式类class=""
            html = exeRE("(]+) class=[^ |^>]*([^>]*>)", "$1 $2", html)
         Case "STYLE"    ' 去除样式
            html = exeRE("(]+) [^""]*""([^>]*>)", "$1 $2", html)
            html = exeRE("(]+) style='[^']*'([^>]*>)", "$1 $2", html)
         Case "IMG"    ' 去除样式
            html = exeRE("?img[^>]*>", "", html)
         Case "XML"    ' 去除XML
            html = exeRE("]*>", "", html)
         Case "NAMESPACE" ' 去除命名空间>

>
            html = exeRE("]*>", "", html)
         Case "FONT"    ' 去除字体
            html = exeRE("?font[^>]*>", "", html)
            html = exeRE("?a[^>]*>", "", html)
            html = exeRE("?span[^>]*>", "", html)
            html = exeRE("?br[^>]*>", "", html)
         Case "MARQUEE"    ' 去除字幕
            html = exeRE("?marquee[^>]*>", "", html)
         Case "OBJECT"    ' 去除对象

            html = exeRE("?object[^>]*>", "", html)
            html = exeRE("?param[^>]*>", "", html)
            'html = exeRE("?embed[^>]*>", "", html)
         Case "EMBED"
            html =  exeRE("?embed[^>]*>", "", html)
         Case "DIV"    ' 去除对象

            html = exeRE("?div([^>])*>", "$1", html)
            html = exeRE("?p([^>])*>", "$1", html)
         Case "ONLOAD"    ' 去除样式
            html = exeRE("(]+) onload=""[^""]*""([^>]*>)", "$1 $2", html)
            html = exeRE("(]+) onload='[^']*'([^>]*>)", "$1 $2", html)
         Case "ONCLICK"    ' 去除样式
            html = exeRE("(]+) onclick=""[^""]*""([^>]*>)", "$1 $2", html)
            html = exeRE("(]+) onclick='[^']*'([^>]*>)", "$1 $2", html)
         Case "ONDBCLICK"    ' 去除样式
            html = exeRE("(]+) ondbclick=""[^""]*""([^>]*>)", "$1 $2", html)
            html = exeRE("(]+) ondbclick='[^']*'([^>]*>)", "$1 $2", html)

      End Select
   Next
   'html = Replace(html,"

'html = Replace(html,"