type 1
type 2
Usage !
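// Reject a submission outright when it contains characters the author treats as
// markup. As written on the page the pattern string was never terminated (the
// closing quote sits inside the alternation) and it ended in an empty
// alternative ("...|"), which would match every input; the "<a", "<img" and
// "<script" branches are already covered by the bare "<". This remains a
// blacklist check on the raw body only: it does not replace escaping with
// htmlspecialchars() at the point where $text is actually output.
$text = $text ?? '';
if (preg_match('/[<>%;]/', $text)) {
    $text = 'Illegal tags used!';
}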
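/**
 * Neutralise HTML markup in a message-board submission before it is echoed.
 *
 * The original body replaced each listed character with itself (a no-op) and
 * then returned html_entity_decode() of the result, which turns entities that
 * were already in the input (e.g. "&lt;script&gt;") back into live markup —
 * the opposite of what a filter named xss() must do. Its first return also
 * made the $subject and $action sections unreachable, so only $text was ever
 * returned; that contract is kept here.
 *
 * @param string|null $text    message body; returned HTML-escaped
 * @param string|null $subject accepted for signature compatibility; the
 *                             original never reached its handling, so unused
 * @param string|null $action  accepted for signature compatibility; unused
 * @return string $text with &, <, >, " and ' encoded for an HTML text context.
 *                Characters from the original list that carry no meaning in
 *                HTML (%, @, #, £, $, ...) pass through unchanged.
 */
function xss(?string $text, ?string $subject, ?string $action): string
{
    // Escape at the HTML boundary rather than blacklisting characters.
    // ENT_QUOTES covers both quote styles so the value is also safe inside a
    // quoted attribute; ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead
    // of making htmlspecialchars() return an empty string.
    return htmlspecialchars($text ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}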
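// The original wrapped the variable names in single quotes, so the literal
// text "$_POST[text]" (not the submitted value) was passed to xss(). Read the
// request fields by value, defaulting to '' when absent, and escape for the
// HTML text context here at the output boundary so the page is safe whatever
// xss() does to its input. double_encode=false leaves entities that xss() may
// already have produced untouched, while raw <, >, &, " and ' are still encoded.
echo htmlspecialchars(
    xss($_POST['text'] ?? '', $_POST['subject'] ?? '', $_GET['action'] ?? ''),
    ENT_QUOTES | ENT_SUBSTITUTE,
    'UTF-8',
    false
);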


