Quick Search:
CODE
Oracle PL/SQL Code Library
JOBS
Find Or Post Oracle Jobs
FORUM
Oracle Discussion & Chat
 PHP Code: XSS Sanitizer Function Jump to:  
Category: >> PHP Code >> XSS Sanitizer Function Bookmark and Share

<< lastnext >>

Snippet Name: XSS Sanitizer Function

Description: Data sanitizing function for cleaning out malicious code or characters from input data. Helps guard against Cross Site Scripting attacks (XSS)

Also see:
» Censor Message Text
» Vulnerability Tester
» Block IP Addresses
» Ban Proxy Servers
» Bad Word Filter
» Anti-Flood Protection
» Anti-SQL Injection Function
» Filter non-alphanumeric characters

Comment: (none)

Language:
Highlight Mode: PHP
Last Modified: March 16th, 2009

<?PHP
 
/* CLEANS AGAINST XSS
 * 
 * NOTE all credits goes to codeigniter.com
 * @param string $str - string to check
 * @param string $charset - character set (default ISO-8859-1)
 * @return string|bool $value sanitized string
 */
 
FUNCTION ft_xss($str, $charset = 'ISO-8859-1') {
    /*
    * Remove Null Characters
    *
    * This prevents sandwiching null characters
    * between ASCII characters, like Java\0script.
    *
    */
    $str = PREG_REPLACE('/\0+/', '', $str);
    $str = PREG_REPLACE('/(\\\\0)+/', '', $str);
 
    /*
    * Validate standard character entities
    *
    * Add a semicolon if missing.  We do this to enable
    * the conversion of entities to ASCII later.
    *
    */
    $str = PREG_REPLACE('#(&\#*\w+)[\x00-\x20]+;#u',"\\1;",$str);
 
    /*
    * Validate UTF16 two byte encoding (x00)
    *
    * Just as above, adds a semicolon if missing.
    *
    */
    $str = PREG_REPLACE('#(&\#x*)([0-9A-F]+);*#iu',"\\1\\2;",$str);
 
    /*
    * URL Decode
    *
    * Just in case stuff like this is submitted:
    *
    * <a href="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">Google</a>
    *
    * Note: Normally urldecode() would be easier but it removes plus signs
    *
    */     
    $str = PREG_REPLACE("/%u0([a-z0-9]{3})/i", "


Free
Oracle Magazine
Subscriptions
and Oracle White Papers


SQL University.net courses meet the most demanding needs of the business world for advanced education in a cost-effective manner. SQL University.net courses are available immediately for IT professionals and can be taken without disruption of your workplace schedule or processes.

Compared to traditional travel-based training, SQL University.net saves time and valuable corporate resources, allowing companies to do more with less. That's our mission, and that's what we deliver.

Click here to find out more
 
Home      :      Code Library      :      Sponsors      :      Privacy      :      Terms of Use      :      Contact Us 54 users online    © 2009 psoug.org

PSOUG LOGIN
Username: 
Password: 
Forgot your password?