XSS-Filterfunktion in PHP
Hier ist ein Beispiel für eine grundlegende XSS-Filterfunktion in PHP:
<?php
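/**
 * Make untrusted input safe to embed as HTML text or quoted-attribute content.
 *
 * Stripping "dangerous" characters (`<`, `>`, quotes, brackets) is lossy and is not
 * a context-correct defence: it silently destroys legitimate input and leaves `&`
 * untouched. HTML entity encoding keeps the data intact and is the standard XSS
 * mitigation for HTML body and quoted-attribute contexts. The result is NOT safe
 * for inline JavaScript, CSS or URL contexts — those need their own encoders.
 *
 * @param string $data Untrusted input, expected to be UTF-8
 * @return string The input with ASCII control characters removed and the
 *                HTML-special characters (&, <, >, ", ') replaced by entities
 */
function xss_filter(string $data): string
{
    // Drop ASCII control characters (including newline/tab) and DEL. These byte
    // values never occur inside a multi-byte UTF-8 sequence, so no `u` modifier
    // is needed. On a PCRE failure preg_replace() returns null; fall back to the
    // unstripped data, which is still encoded below.
    $data = preg_replace('/[\x00-\x1F\x7F]/', '', $data) ?? $data;

    // Encode rather than strip: ENT_QUOTES covers both quote styles so the value
    // may also sit inside a quoted attribute; ENT_SUBSTITUTE replaces invalid
    // UTF-8 with U+FFFD instead of returning an empty string.
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}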
// Example usage: run a sample payload through the filter and print what remains.
$input = '<script>alert(\'XSS Attack\');</script>';
$output = xss_filter($input);
print $output;
?>