PHP中的XSS过滤功能 [英] XSS filtering function in PHP
问题描述
类似于: http://snipplr.com/view/1848/php--sacar-xss/
非常感谢您的任何意见和建议。 简单的方法?使用 strip_tags()
:
$ str = strip_tags($ input);
您也可以使用
pre> $ str = filter_var($ input,FILTER_SANITIZE_STRING);
这是清理过滤器。
Does anyone know of a good function out there for filtering generic input from forms? Zend_Filter_input seems to require prior knowledge of the contents of the input and I'm concerned that using something like HTML Purifier will have a big performance impact.
What about something like : http://snipplr.com/view/1848/php--sacar-xss/
Many thanks for any input.
Simple way? Use strip_tags()
:
$str = strip_tags($input);
You can also use filter_var()
for that:
$str = filter_var($input, FILTER_SANITIZE_STRING);
The advantage of filter_var()
is that you can control the behaviour by, for example, stripping or encoding low and high characters.
Here is a list of sanitizing filters.
这篇关于PHP中的XSS过滤功能的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!