php 恶意代码过滤函数

作者：袖梨 2022-07-02

Public Function DecodeFilter(html, filter)
   html=LCase(html)
   filter=split(filter,",")
   For Each i In filter
      Select Case i
         Case "SCRIPT"    ' 去除所有客户端脚本javascipt,vbscript,jscript,js,vbs,event,...
            html = exeRE("(javascript|jscript|vbscript|vbs):", "#", html)
            html = exeRE("?script[^>]*>", "", html)
            html = exeRE("on(mouse|exit|error|click|key)", "", html)
         Case "TABLE":    ' 去除表格

	html = exeRE("?table[^>]>", "", html) html = exeRE("?tr[^>]>", "", html) html = exeRE("?th[^>]>", "", html) html = exeRE("?td[^>]>", "", html) html = exeRE("?tbody[^>]>", "", html) Case "CLASS" ' 去除样式类class="" html = exeRE("(<[^>]+) class=[^ \|^>]([^>]>)", "$1 $2", html) Case "STYLE" ' 去除样式style="" html = exeRE("(<[^>]+) style=""[^""]""([^>]>)", "$1 $2", html) html = exeRE("(<[^>]+) style='[^']'([^>]>)", "$1 $2", html) Case "IMG" ' 去除样式style="" html = exeRE("?img[^>]>", "", html) Case "XML" ' 去除XML<?xml> html = exeRE("<?xml[^>]>", "", html) Case "NAMESPACE" ' 去除命名空间 html = exeRE("?[a-z]+:[^>]>", "", html) Case "FONT" ' 去除字体 html = exeRE("?font[^>]>", "", html) html = exeRE("?a[^>]>", "", html) html = exeRE("?span[^>]>", "", html) html = exeRE("?br[^>]>", "", html) Case "MARQUEE" ' 去除字幕 html = exeRE("?marquee[^>]>", "", html) Case "OBJECT" ' 去除对象 html = exeRE("?object[^>]>", "", html) html = exeRE("?param[^>]>", "", html) 'html = exeRE("?embed[^>]>", "", html) Case "EMBED" html = exeRE("?embed[^>]>", "", html) Case "DIV" ' 去除对象 html = exeRE("?div([^>])>", "$1", html) html = exeRE("?p([^>])>", "$1", html) Case "ONLOAD" ' 去除样式style="" html = exeRE("(<[^>]+) onload=""[^""]""([^>]>)", "$1 $2", html) html = exeRE("(<[^>]+) onload='[^']'([^>]>)", "$1 $2", html) Case "ONCLICK" ' 去除样式style="" html = exeRE("(<[^>]+) onclick=""[^""]""([^>]>)", "$1 $2", html) html = exeRE("(<[^>]+) onclick='[^']'([^>]>)", "$1 $2", html) Case "ONDBCLICK" ' 去除样式style="" html = exeRE("(<[^>]+) ondbclick=""[^""]""([^>]>)", "$1 $2", html) html = exeRE("(<[^>]+) ondbclick='[^']'([^>]*>)", "$1 $2", html) End Select Next 'html = Replace(html," 'html = Replace(html,"

            html = exeRE("?table[^>]*>", "", html)
            html = exeRE("?tr[^>]*>", "", html)
            html = exeRE("?th[^>]*>", "", html)
            html = exeRE("?td[^>]*>", "", html)
            html = exeRE("?tbody[^>]*>", "", html)
         Case "CLASS"    ' 去除样式类class=""
            html = exeRE("(<[^>]+) class=[^ |^>]*([^>]*>)", "$1 $2", html)
         Case "STYLE"    ' 去除样式style=""
            html = exeRE("(<[^>]+) style=""[^""]*""([^>]*>)", "$1 $2", html)
            html = exeRE("(<[^>]+) style='[^']*'([^>]*>)", "$1 $2", html)
         Case "IMG"    ' 去除样式style=""
            html = exeRE("?img[^>]*>", "", html)
         Case "XML"    ' 去除XML<?xml>
            html = exeRE("<?xml[^>]*>", "", html)
         Case "NAMESPACE" ' 去除命名空间
            html = exeRE("?[a-z]+:[^>]*>", "", html)
         Case "FONT"    ' 去除字体
            html = exeRE("?font[^>]*>", "", html)
            html = exeRE("?a[^>]*>", "", html)
            html = exeRE("?span[^>]*>", "", html)
            html = exeRE("?br[^>]*>", "", html)
         Case "MARQUEE"    ' 去除字幕
            html = exeRE("?marquee[^>]*>", "", html)
         Case "OBJECT"    ' 去除对象
            html = exeRE("?object[^>]*>", "", html)
            html = exeRE("?param[^>]*>", "", html)
            'html = exeRE("?embed[^>]*>", "", html)
         Case "EMBED"
            html =  exeRE("?embed[^>]*>", "", html)
         Case "DIV"    ' 去除对象
            html = exeRE("?div([^>])*>", "$1", html)
            html = exeRE("?p([^>])*>", "$1", html)
         Case "ONLOAD"    ' 去除样式style=""
            html = exeRE("(<[^>]+) onload=""[^""]*""([^>]*>)", "$1 $2", html)
            html = exeRE("(<[^>]+) onload='[^']*'([^>]*>)", "$1 $2", html)
         Case "ONCLICK"    ' 去除样式style=""
            html = exeRE("(<[^>]+) onclick=""[^""]*""([^>]*>)", "$1 $2", html)
            html = exeRE("(<[^>]+) onclick='[^']*'([^>]*>)", "$1 $2", html)
         Case "ONDBCLICK"    ' 去除样式style=""
            html = exeRE("(<[^>]+) ondbclick=""[^""]*""([^>]*>)", "$1 $2", html)
            html = exeRE("(<[^>]+) ondbclick='[^']*'([^>]*>)", "$1 $2", html)

      End Select
   Next
   'html = Replace(html,"    'html = Replace(html,"

php 恶意代码过滤函数

相关文章

精彩推荐