一个过滤html不安全代码的函数（基于正则表达式的黑名单过滤：只能拦截代码中显式列出的标签和 on* 事件属性，不能替代白名单式的 HTML 净化或 htmlspecialchars 转义）
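<?php
/*
 * Demo of del_html(): a regex-based *blacklist* filter for HTML fragments.
 *
 * REVIEW NOTE: this function only neutralizes what it explicitly lists
 * (script, form, object, frame/iframe and on*= event attributes). Anything
 * outside that list passes through untouched -- e.g. javascript: URLs in
 * href/src, style attributes, <embed>, <svg>, <base>, <meta>. Treat it as
 * defence in depth only; for untrusted input prefer escaping the whole
 * string with htmlspecialchars() or a parser-based allowlist sanitizer.
 */

/**
 * Neutralize a fixed set of dangerous HTML constructs in $str.
 *
 * Processing order (each step is one regex pass over the whole string):
 *   1. collapse every run of whitespace (newlines, tabs, ...) to one space;
 *   2. <script ...>...</script> and any unmatched <script ...>: the angle
 *      brackets of the tag(s) become &lt; / &gt; so the tag renders as text;
 *      inner content is kept;
 *   3. <form>/</form> and <object>/</object> tags are removed (inner content
 *      kept);
 *   4. <frame>/<iframe> pairs: brackets entity-encoded as in step 2;
 *   5. non-table tags carrying an on*= attribute: brackets of the opening and
 *      (if present) matching closing tag entity-encoded, content kept;
 *   6. table tags (tr/td/tbody/table) carrying on*= attributes: every handler
 *      name is rewritten to 0n* so the tag survives but the handler is inert.
 *
 * Note on steps 2/4/5: on the page the replacement strings read "<\1>\2<\3>",
 * i.e. an identity rewrite that changed nothing. The original most likely
 * used full-width or entity-encoded brackets that were normalized during
 * extraction; entity encoding is used here as the unambiguous equivalent.
 *
 * @param string $str HTML fragment (untrusted)
 * @return string filtered fragment
 * @throws RuntimeException if a PCRE call fails (e.g. backtrack limit); the
 *                          filter fails closed rather than returning null or
 *                          partially processed output.
 */
function del_html(string $str): string
{
    // Pattern/replacement pairs, applied in this order.
    // ${1}..${4}: tag name / attribute text / inner content / closing tag.
    $rules = [
        // 1. whitespace
        ['/\s+/', ' '],
        // 2. <script ...>...</script>, then any unmatched <script ...>
        ['/<(script.*?)>(.*?)<(\/script.*?)>/si', '&lt;${1}&gt;${2}&lt;${3}&gt;'],
        ['/<(script.*?)>/si', '&lt;${1}&gt;'],
        // 3. drop form and object tags (opening and closing)
        ['/<(\/?form.*?)>/si', ''],
        ['/<(\/?objec.*?)>/si', ''],
        // 4. frame / iframe pairs
        ['/<(i?frame.*?)>(.*?)<(\/i?frame.*?)>/si', '&lt;${1}&gt;${2}&lt;${3}&gt;'],
        // 5. on*= handlers on non-table tags.
        //    The page's version used [^tr|^td|^table|^tbody], which is a
        //    character class: it excluded every tag whose first letter is
        //    t, r, d, a, b, l, e, o or y, so <a>, <body>, <div>, <embed>,
        //    <link>... were never filtered. A negative lookahead on the whole
        //    tag name is what was intended; \1 now holds the full tag name,
        //    so the closing-tag match is exact instead of single-character.
        [
            '/<(?!(?:tr|td|table|tbody)\b)([a-z][a-z0-9]*)([^>]*?\bon\w+\s*=[^>]*?)>(.*?)<\/(\1[^>]*?)>/si',
            '&lt;${1}${2}&gt;${3}&lt;${4}&gt;',
        ],
        [
            '/<(?!(?:tr|td|table|tbody)\b)([a-z][a-z0-9]*)([^>]*?\bon\w+\s*=[^>]*?)\s*\/?>/si',
            '&lt;${1}${2}&gt;',
        ],
    ];
    foreach ($rules as [$pattern, $replacement]) {
        $str = preg_replace($pattern, $replacement, $str);
        if ($str === null) {
            throw new RuntimeException('del_html: preg_replace failed, PCRE error ' . preg_last_error());
        }
    }

    // 6. table tags: rename every on*= attribute to 0n*=. The page's version
    //    only rewrote the last "on" before '>' (greedy [^>]*) and also hit
    //    "on" inside unrelated attribute values (e.g. class="button").
    $str = preg_replace_callback(
        '/<(?:tr|td|tbody|table)\b[^>]*>/i',
        function ($m) {
            $tag = preg_replace('/\bon(\w+\s*=)/i', '0n${1}', $m[0]);
            // fail closed: drop the tag entirely if PCRE errored on it
            return $tag === null ? '' : $tag;
        },
        $str
    );
    if ($str === null) {
        throw new RuntimeException('del_html: preg_replace_callback failed, PCRE error ' . preg_last_error());
    }
    return $str;
}

// Demo from the page: the <object> tag is dropped entirely, so this prints "".
$str = "<object onasd='asd'>";
echo del_html($str);

/*
 * The page continues with a second listing, badHtml(), which is truncated in
 * the source ("[...]"). It is reproduced here as on the page, unreviewed:
 *
 * function badHtml($string) { $string =preg_replace("!<([/]?)(html|head|meta|form|frameset|iframe|applet|object)([^>]+)?>!si","",$string); $string =preg_replace("!<style([^>]+)?>.+?<\/style>!si","",$string); $string =preg_replace("!<([/]?)(style)([^>]+)?>!si","",$string); $string =preg_replace("!<link.+?>.+?!is","",$string); $string =preg_replace("!<script([^>]+)?>.+?<\/script>!si"," ",$string); $string =preg_replace("!<([/]?)(script)([^>]+)?>!si"," ",$string); $string =preg_replace("!javascript!i","javascript",$string); $string =preg_replace("!<title([^>]+)?>.+?<\/title>!si","",$string); [...]
 *
 * Note: as displayed, its "javascript" -> "javascript" replacement is also an
 * identity rewrite (same extraction issue as above).
 */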
