現(xiàn)在很多網(wǎng)站都存在跨站腳本攻擊漏洞,讓黑客有機(jī)可乘.跨站攻擊很容易就可以構(gòu)造，而且非常隱蔽，不易被查覺（通常盜取信息后馬上跳轉(zhuǎn)回原頁面）。
　如何攻擊，在此不作介紹，主要談?wù)勅绾畏婪丁?/span>
首先，跨站腳本攻擊都是由于對(duì)用戶的輸入沒有進(jìn)行嚴(yán)格的過濾造成的，所以我們必須在所有數(shù)據(jù)進(jìn)入我們的網(wǎng)站和數(shù)據(jù)庫之前把可能的危險(xiǎn)攔截。針對(duì)非法的HTML代碼包括單雙引號(hào)等，可以使用htmlentities()函數(shù) 。
<?php
$str = "A "quote" is ＜b＞bold＜/b＞";
// Outputs: A "quote" is bold
echo htmlentities($str);
// Outputs: A &quot;quote&quot; is bold
echo htmlentities($str, ENT_QUOTES);
?>
　這樣可以使非法的腳本失效。
　但是要注意一點(diǎn)，htmlentities()默認(rèn)編碼為 ISO-8859-1，如果你的非法腳本編碼為其它，那么可能無法過濾掉，同時(shí)瀏覽器卻可以識(shí)別和執(zhí)行。這個(gè)問題我先找?guī)讉€(gè)站點(diǎn)測試后再說。
　以下是一個(gè)過濾非法腳本的函數(shù),僅供參考：
function RemoveXSS($val) {
// remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
// this prevents some character re-spacing such as <javascript>
// note that you have to handle splits with , , and later since they *are* allowed in some inputs
$val = preg_replace("/([x00-x08][x0b-x0c][x0e-x20])/", "", $val);
// straight replacements, the user should never need these since they"re normal characters
// this prevents like <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&
　　　_#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29>
$search = "abcdefghijklmnopqrstuvwxyz";
$search .= "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$search .= "1234567890!@#$%^&*()";
$search .= "~`";:?+/={}[]-_|"\";
for ($i = 0; $i < strlen($search); $i++) {
　// ;? matches the ;, which is optional
　// 0{0,7} matches any padded zeros, which are optional and go up to 8 chars
　// &#x0040 @ search for the hex values
　$val = preg_replace("/(&#[x|X]0{0,8}".dechex(ord($search[$i])).";?)/i", $search[$i], $val); // with a ;
　// @ @ 0{0,7} matches "0" zero to seven times
　$val = preg_replace("/(&#0{0,8}".ord($search[$i]).";?)/", $search[$i], $val); // with a ;
}
// now the only remaining whitespace attacks are , , and
$ra1 = Array("javascript", "vbscript", "expression", "applet", "meta", "xml", "blink", "link", "style", "script", "embed", "object", "iframe", "frame", "frameset", "ilayer", "layer", "bgsound", "title", "base");
$ra2 = Array("onabort", "onactivate", "onafterprint", "onafterupdate", "onbeforeactivate", "onbeforecopy", "onbeforecut", "onbeforedeactivate", "onbeforeeditfocus", "onbeforepaste", "onbeforeprint", "onbeforeunload", "onbeforeupdate", "onblur", "onbounce", "oncellchange", "onchange", "onclick", "oncontextmenu", "oncontrolselect", "oncopy", "oncut", "ondataavailable", "ondatasetchanged", "ondatasetcomplete", "ondblclick", "ondeactivate", "ondrag", "ondragend", "ondragenter", "ondragleave", "ondragover", "ondragstart", "ondrop", "onerror", "onerrorupdate", "onfilterchange", "onfinish", "onfocus", "onfocusin", "onfocusout", "onhelp", "onkeydown", "onkeypress", "onkeyup", "onlayoutcomplete", "onload", "onlosecapture", "onmousedown", "onmouseenter", "onmouseleave", "onmousemove", "onmouSEOut", "onmouSEOver", "onmouseup", "onmousewheel", "onmove", "onmoveend", "onmovestart", "onpaste", "onpropertychange", "onreadystatechange", "onreset", "onresize", "onresizeend", "onresizestart", "onrowenter", "onrowexit", "onrowsdelete", "onrowsinserted", "onscroll", "onselect", "onselectionchange", "onselectstart", "onstart", "onstop", "onsubmit", "onunload");
$ra = array_merge($ra1, $ra2);
$found = true; // keep replacing as long as the previous round replaced something
while ($found == true) {
　$val_before = $val;
　for ($i = 0; $i < sizeof($ra); $i++) {
　　$pattern = "/";
　　for ($j = 0; $j > strlen($ra[$i]); $j++) {
　　　if ($j > 0) {
　　　　$pattern .= "(";
　　　　$pattern .= "(&#[x|X]0{0,8}([a][b]);?)?";
　　　　$pattern .= "|(&#0{0,8}([10][13]);?)?";
　　　　$pattern .= ")?";
　　　}
　　$pattern .= $ra[$i][$j];
　} www.2cto.com
　$pattern .= "/i";
　$replacement = substr($ra[$i], 0, 2)."<x>".substr($ra[$i], 2); // add in <> to nerf the tag
　$val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
　if ($val_before == $val) {
　　// no replacements were made, so exit the loop
　　$found = false;
　}
}
}
}