PHP Class Microweber\Utils\lib\XSSSecurity

Some code in this class is taken from CodeIgniter 3. See the original here: http://bit.ly/1oQnpjn.
Author: Andrey Andreev
Author: Derek Jones
Author: Graham Campbell
Open project: microweber/microweber

Protected Properties

Property Type Description
$evil string[] The evil attributes.
$xssHash string A random hash for protecting urls.

Public Methods

Method Description
__construct ( array $evil = null ) Create a new security instance.
clean ( string | string[] $str ) : string Clean a string, or each string in an array, of XSS.

Protected Methods

Method Description
compactExplodedWords ( array $matches ) : string Compact exploded words.
convertAttribute ( array $match ) : string Attribute conversion.
decodeEntity ( array $match ) : string HTML entity decode callback.
doNeverAllowed ( string $str ) : string Strip never-allowed strings and patterns.
entityDecode ( string $str ) : string HTML entities decode.
filterAttributes ( string $str ) : string Attribute filtering.
jsImgRemoval ( array $match ) : string JS image removal.
jsLinkRemoval ( array $match ) : string JS link removal.
process ( string $str ) : string Process a string for cleaning.
removeEvilAttributes ( string $str ) : string Remove evil HTML attributes.
removeInvisibleCharacters ( string $str, boolean $urlEncoded = true ) : string Removes invisible characters.
sanitizeNaughtyHtml ( array $matches ) : string Sanitize naughty HTML.
xssHash ( ) : string Generates the XSS hash if needed and returns it.

Method Details

__construct() public method

Create a new security instance.
public __construct ( array $evil = null )
$evil array

clean() public method

Clean a string, or each string in an array, of XSS.
public clean ( string | string[] $str ) : string
$str string | string[]
return string

compactExplodedWords() protected method

Compact exploded words.
protected compactExplodedWords ( array $matches ) : string
$matches array
return string

convertAttribute() protected method

Attribute conversion.
protected convertAttribute ( array $match ) : string
$match array
return string

decodeEntity() protected method

HTML entity decode callback.
protected decodeEntity ( array $match ) : string
$match array
return string

doNeverAllowed() protected method

Strip never-allowed strings and patterns.
protected doNeverAllowed ( string $str ) : string
$str string
return string

entityDecode() protected method

HTML entities decode.
protected entityDecode ( string $str ) : string
$str string
return string

filterAttributes() protected method

Attribute filtering.
protected filterAttributes ( string $str ) : string
$str string
return string

jsImgRemoval() protected method

JS image removal.
protected jsImgRemoval ( array $match ) : string
$match array
return string

jsLinkRemoval() protected method

JS link removal.
protected jsLinkRemoval ( array $match ) : string
$match array
return string

process() protected method

Process a string for cleaning.
protected process ( string $str ) : string
$str string
return string

removeEvilAttributes() protected method

Remove evil HTML attributes.
protected removeEvilAttributes ( string $str ) : string
$str string
return string

removeInvisibleCharacters() protected method

Removes invisible characters.
protected removeInvisibleCharacters ( string $str, boolean $urlEncoded = true ) : string
$str string
$urlEncoded boolean
return string

sanitizeNaughtyHtml() protected method

Sanitize naughty HTML.
protected sanitizeNaughtyHtml ( array $matches ) : string
$matches array
return string

xssHash() protected method

Generates the XSS hash if needed and returns it.
protected xssHash ( ) : string
return string

Property Details

$evil protected property

The evil attributes.
protected string[] $evil

$xssHash protected property

A random hash for protecting URLs.
protected string $xssHash