- preg_match: documentation ( source)
- urldecode: documentation ( source)
- html_entity_decode: documentation ( source)
- preg_replace: documentation ( source)
<?php
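/**
 * Normalise untrusted text, neutralise a small keyword blocklist, and return
 * the result HTML-encoded.
 *
 * Steps, in order:
 *  1. URL-decode and then HTML-entity-decode the input once, so the keyword
 *     check runs on the decoded characters rather than on their encodings.
 *  2. Remove every '!' character.
 *  3. Replace each case-insensitive occurrence of "script", "on", "xmlns" or
 *     "data" with "NO!", repeating until a pass makes no replacement.
 *  4. Encode the result with htmlspecialchars().
 *
 * Security notes for callers:
 *  - The keyword blocklist is defence in depth only. It rewrites ordinary
 *    words as well (anything containing "on" or "data"), and a blocklist
 *    cannot enumerate everything a browser treats as active content. The
 *    protection against markup injection comes from the output encoding in
 *    step 4.
 *  - The return value is encoded for HTML element content and quoted
 *    attribute values. It is not sufficient on its own inside URL-valued
 *    attributes, <script> or <style> blocks; those contexts need their own
 *    encoding or validation (for URLs, an allowlist of schemes).
 *  - Do not pass the return value through htmlspecialchars() again, or it
 *    will be double-encoded.
 *  - The filter fails closed: if PCRE reports an error (for example because
 *    the decoded text is not valid UTF-8 under the /u modifier), an empty
 *    string is returned instead of unchecked input.
 *
 * @param string $inp Untrusted text, possibly URL- and/or entity-encoded.
 *
 * @return string Filtered, HTML-encoded text; '' when the input could not be
 *                checked.
 */
function xssfilter($inp)
{
    // Explicit flags and charset keep the decoding independent of the PHP
    // version's defaults and of the default_charset ini setting.
    $text = html_entity_decode(urldecode($inp), ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $text = str_replace('!', '', $text);

    // A replacement can join with the character before it and form a new
    // match ("o" followed by the inserted "N"), so repeat until stable.
    do {
        $text = preg_replace('/script|on|xmlns|data/iu', 'NO!', $text, -1, $hits);
        if ($text === null) {
            // PCRE could not process the text; reject it rather than return
            // it unchecked.
            return '';
        }
    } while ($hits > 0);

    // Encode for HTML output; ENT_SUBSTITUTE replaces invalid byte sequences
    // instead of returning an empty string.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}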
// Demonstration call: the first word of the argument is written entirely as
// hexadecimal numeric character references. Print what the filter returns.
print xssfilter(
    "&#x6A;&#x61;&#x76;&#x61;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;: alert('XSS');"
);