
PHP Sanitize XSS

Author: user | Source: Internet | Date: 2017-12-01 15:21:33


Here is a simple PHP function I use to prevent XSS attacks. Use it to sanitize any user input or otherwise unknown variables before use.


    function sanitize_xss($value) {
        return htmlspecialchars(strip_tags($value));
    }

This function does two things to sanitize the input $value and protect against XSS:

- Removes all PHP and HTML tags via strip_tags()
- Converts all special characters to their HTML-entity equivalents via htmlspecialchars()

When combined, these two functions eliminate any chance of a successful XSS attack. All tags are removed and all quotes and other special characters are encoded. So yeah, XSS is not gonna happen when using the sanitize_xss() function provided above.

Example

For those who may be new to PHP, here is an example of how this function would be used. Let's say that you have a variable named $user_input that you want to sanitize before echoing to the browser. All you need to do is:

    <?php echo sanitize_xss($user_input); ?>

..and kiss XSS goodbye ;)
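As an added example that is not part of the original post, here is the page's function beside a hardened variant that passes explicit flags and charset to htmlspecialchars(), run over constructed sample strings; the name sanitize_xss_strict and the sample values are this example's own assumptions.

```php
<?php
// Added example, not from the original post: the page's sanitize_xss()
// beside a hardened variant, run over constructed sample strings.

// The function exactly as given on the page.
function sanitize_xss($value) {
    return htmlspecialchars(strip_tags($value));
}

// Hardened variant (name and flags are this example's choice, not the
// page's). Before PHP 8.1 the default flags do not encode single quotes,
// and without ENT_SUBSTITUTE an invalid UTF-8 byte makes htmlspecialchars()
// return an empty string, silently dropping the whole value.
function sanitize_xss_strict($value) {
    return htmlspecialchars(
        strip_tags((string) $value),
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
}

// Constructed sample inputs, each labelled with what it exercises.
$samples = [
    'tags removed'       => '<b>bold</b> text',
    'tag text survives'  => '<script>alert(1)</script>',
    'quotes'             => 'it\'s "quoted"',
    'invalid UTF-8 byte' => "caf\xe9",   // Latin-1 e-acute, not valid UTF-8
];

foreach ($samples as $label => $in) {
    echo $label, ":\n";
    echo "  page version:   ", sanitize_xss($in), "\n";
    echo "  strict version: ", sanitize_xss_strict($in), "\n";
}

// Both versions encode for HTML body text only. A value placed inside an
// HTML attribute must be enclosed in quotes, and values used inside a
// <script> block or a URL need that context's own encoding instead.
```

On PHP 8.1 and later the defaults already include ENT_QUOTES and ENT_SUBSTITUTE, so the two versions agree there except for the entity used for the apostrophe (&#039; versus &apos;).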

Show Support

Like the free coding tips at WP-Mix? Please Like the new Facebook Page!
