PHP Class Microweber\Utils\lib\XSSSecurity

Some code in this class is taken from CodeIgniter 3. See the original here: http://bit.ly/1oQnpjn.
Author: Andrey Andreev
Author: Derek Jones
Author: Graham Campbell
Open project: microweber/microweber

Protected Properties

Property Type Description
$evil string[] The evil attributes.
$xssHash string A random hash for protecting urls.

Public Methods

Method Description
__construct ( array $evil = null ) Create a new security instance.
clean ( string | string[] $str ) : string XSS clean.

Protected Methods

Method Description
compactExplodedWords ( array $matches ) : string Compact exploded words.
convertAttribute ( array $match ) : string Attribute conversion.
decodeEntity ( array $match ) : string HTML entity decode callback.
doNeverAllowed ( string $str ) : string Do never allowed.
entityDecode ( string $str ) : string HTML entities decode.
filterAttributes ( string $str ) : string Attribute filtering.
jsImgRemoval ( array $match ) : string JS image removal.
jsLinkRemoval ( array $match ) : string JS link removal.
process ( string $str ) : string Process a string for cleaning.
removeEvilAttributes ( string $str ) : string Remove evil html attributes.
removeInvisibleCharacters ( string $str, boolean $urlEncoded = true ) : string Removes invisible characters.
sanitizeNaughtyHtml ( array $matches ) : string Sanitize naughty html.
xssHash ( ) : string Generates the XSS hash if needed and returns it.

Method Details

__construct() public method

Create a new security instance.
public __construct ( array $evil = null )
$evil array

clean() public method

XSS clean.
public clean ( string | string[] $str ) : string
$str string | string[]
Returns string

compactExplodedWords() protected method

Compact exploded words.
protected compactExplodedWords ( array $matches ) : string
$matches array
Returns string

convertAttribute() protected method

Attribute conversion.
protected convertAttribute ( array $match ) : string
$match array
Returns string

decodeEntity() protected method

HTML entity decode callback.
protected decodeEntity ( array $match ) : string
$match array
Returns string

doNeverAllowed() protected method

Do never allowed.
protected doNeverAllowed ( string $str ) : string
$str string
Returns string

entityDecode() protected method

HTML entities decode.
protected entityDecode ( string $str ) : string
$str string
Returns string

filterAttributes() protected method

Attribute filtering.
protected filterAttributes ( string $str ) : string
$str string
Returns string

jsImgRemoval() protected method

JS image removal.
protected jsImgRemoval ( array $match ) : string
$match array
Returns string

jsLinkRemoval() protected method

JS link removal.
protected jsLinkRemoval ( array $match ) : string
$match array
Returns string

process() protected method

Process a string for cleaning.
protected process ( string $str ) : string
$str string
Returns string

removeEvilAttributes() protected method

Remove evil html attributes.
protected removeEvilAttributes ( string $str ) : string
$str string
Returns string

removeInvisibleCharacters() protected method

Removes invisible characters.
protected removeInvisibleCharacters ( string $str, boolean $urlEncoded = true ) : string
$str string
$urlEncoded boolean
Returns string

sanitizeNaughtyHtml() protected method

Sanitize naughty html.
protected sanitizeNaughtyHtml ( array $matches ) : string
$matches array
Returns string

xssHash() protected method

Generates the XSS hash if needed and returns it.
protected xssHash ( ) : string
Returns string

Property Details

$evil protected property

The evil attributes.
protected string[] $evil
Returns string[]

$xssHash protected property

A random hash for protecting urls.
protected string $xssHash
Returns string