xss_clean() public method

Sanitizes data so that Cross Site Scripting Hacks can be prevented. This method does a fair amount of work but it is extremely thorough, designed to prevent even the most obscure XSS attempts. Nothing is ever 100% foolproof, of course, but I haven't been able to get anything past the filter.
Note: Should only be used to deal with data upon submission. It's not something that should be used for general runtime processing.
public xss_clean ( mixed $str ) : string | array | boolean
$str mixed input data e.g. string or array
return string | array | boolean
  boolean: will return a boolean if the "is_image" parameter is true
  string: will return a string if the input is a string
  array: will return an array if the input is an array
Example #1
 public function post(Request $request, AntiXSS $xss, \Swift_Mailer $mailer, array $vars)
 {
     $name = $xss->xss_clean($request->request->get('name'));
     $mail = $xss->xss_clean($request->request->get('mail'));
     $message = $xss->xss_clean($request->request->get('message'));
     $return = ['name' => $name, 'mail' => $mail, 'message' => $message];
     return $return;
 }
Example #2
 /**
  * remove xss from html
  *
  * @return Stringy
  */
 public function removeXss()
 {
     static $antiXss = null;
     if ($antiXss === null) {
         $antiXss = new AntiXSS();
     }
     $str = $antiXss->xss_clean($this->str);
     return static::create($str, $this->encoding);
 }
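
The following is an added example, not code from the library or from the projects quoted above. It shows the array form of xss_clean() applied once at submission time, with context-appropriate escaping at render time instead of a second filter pass. It assumes the voku/anti-xss Composer package and its voku\helper namespace; clean_submission() and the sample input are hypothetical.

```php
<?php
// Added example. Assumes the voku/anti-xss Composer package, whose AntiXSS
// class lives in the voku\helper namespace (assumption; not shown on this page).
require __DIR__ . '/vendor/autoload.php';

use voku\helper\AntiXSS;

/**
 * Hypothetical helper: clean a whole submitted form in one call and report
 * which fields the filter altered, so the event can be logged.
 */
function clean_submission(AntiXSS $xss, array $fields): array
{
    // Array in, array out: keys are preserved and each value is filtered.
    $clean = $xss->xss_clean($fields);

    $altered = [];
    foreach ($fields as $key => $value) {
        if ($clean[$key] !== $value) {
            $altered[] = $key;
        }
    }
    return ['clean' => $clean, 'altered' => $altered];
}

// Constructed sample input standing in for submitted form data.
$submitted = [
    'name'    => 'Alice',
    'mail'    => 'alice@example.com',
    'message' => 'Hello <script>alert(1)</script> there',
];

$result = clean_submission(new AntiXSS(), $submitted);

if ($result['altered'] !== []) {
    error_log('xss_clean altered fields: ' . implode(', ', $result['altered']));
}

// Store $result['clean'] at submission time. When rendering later, escape for
// the output context instead of calling xss_clean() again.
foreach ($result['clean'] as $key => $value) {
    echo htmlspecialchars($key . ': ' . $value, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```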