360提示XSS漏洞?这个XSS漏洞很不好修复。。。。。如果是PHP程序的话,可以用下面的代码来过滤。。。
PHP防XSS 防SQL注入的代码
class protection{
public static function filtrate($str)
{
$farr = array(
"/\\s+/",
"/<(\\/?)(script|i?frame|style|html|body|title|link|meta|object|\\?|\\%)([^>]*?)>/isU",
"/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",
);
$str = preg_replace($farr,"",$str);
return addslashes($str);
}
public static function sweep($array)
{
if (is_array($array))
{
foreach($array as $k => $v)
{
$array[$k] = self::sweep($v);
}
}
else
{
$array = self::filtrate($array);
}
return $array;
}
}
$_REQUEST = protection::sweep($_REQUEST);
$_GET = protection::sweep($_GET);
$_POST = protection::sweep($_POST);
