CSI: PHP

"Looking at your tweets I cannot even fathom what your job is. CSI:PHP?" — @grmpyprogrammer

Validating Input Against XSS

The intent is self-explanatory. The results are likely to be less than desirable. I’m pretty sure this won’t cover all possible use cases.

<?php
Function noScript($text) {
    if (preg_match_all('/http:\/\/pagead2.googlesyndication.com\/pagead\/show_ads.js/i', "$text", $ntext)) {
        $text = str_replace($ntext[0], '', $text);
    }
    if (preg_match_all('/<script type="text\/javascript"/i', "$text", $ntext)) {
        $text = str_replace($ntext[0], '<!--', $text);
    }
    if (preg_match_all('/<\/script>/i', "$text", $ntext)) {
        $text = str_replace($ntext[0], '-->', $text);
    }
    return $text;
}
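
For contrast with the filter above, an added example (not part of the original post or of the code base it came from): encoding on output with `htmlspecialchars()` treats every `<` the same way, so the result does not depend on which tag spellings the input happens to use. The sample strings are constructed, and `escapeHtml()` is a hypothetical helper name.

```php
<?php
// Added example, not from the original post.

// The filter from the post, behaviour unchanged, kept here for comparison.
function noScript($text) {
    if (preg_match_all('/http:\/\/pagead2.googlesyndication.com\/pagead\/show_ads.js/i', "$text", $ntext)) {
        $text = str_replace($ntext[0], '', $text);
    }
    if (preg_match_all('/<script type="text\/javascript"/i', "$text", $ntext)) {
        $text = str_replace($ntext[0], '<!--', $text);
    }
    if (preg_match_all('/<\/script>/i', "$text", $ntext)) {
        $text = str_replace($ntext[0], '-->', $text);
    }
    return $text;
}

// Hypothetical helper: encode for an HTML body or quoted-attribute context.
function escapeHtml(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    'expected spelling'  => '<script type="text/javascript">alert(1)</script>',
    'no type attribute'  => '<script>alert(1)</script>',
    'single-quoted type' => "<script type='text/javascript'>alert(1)</script>",
];

foreach ($samples as $label => $input) {
    $filtered = noScript($input);
    $encoded  = escapeHtml($input);
    // Report whether an opening script tag is still present after filtering.
    printf("%s\n  noScript:   %s\n  escapeHtml: %s\n  opening <script survives filter: %s\n\n",
        $label, $filtered, $encoded,
        stripos($filtered, '<script') !== false ? 'yes' : 'no');
}
```

The encoding belongs at the point of output and matches the HTML body and quoted-attribute contexts only; values placed inside JavaScript, CSS or URLs need the encoder for that context.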
