coercive / xss
Coercive Security Router
0.0.8
2024-01-30 10:08 UTC
Requires
- php: >=7
README
Simple detection of XSS attacks in a URL, for example '<', '>' and quotes...
Get
composer require coercive/xss
Load
```php
# XssUrl lives in the Coercive\Security\Xss namespace
use Coercive\Security\Xss\XssUrl;

# Test URL
$url = "https://mywebsite.com/?var='%22><script>alert();</script>";

# Load with construct param
$xss = new XssUrl($url);

# Or use setUrl on an already loaded instance
$xss = new XssUrl;
$xss->setUrl($url);

# Detect
if ($xss->isXss()) {
    die;
}
```
New detection improvements
```php
# Test encoded url with script => alert('XSS')
$url = "javascript:alert('XSS')";

# Load with construct param
$xss = new XssUrl($url);

# Show example
echo '<a href="'.$url.'">BEFORE</a>';
echo '<br />';
echo '<a href="'.$xss->getFiltered().'">AFTER</a>';
```
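The README describes detecting '<', '>' and quotes in a URL and filtering encoded `javascript:` links. The sketch below is an added illustration of that kind of check, not the coercive/xss implementation; the function names `normalizeUrl` and `looksLikeXss` and the sample URLs are hypothetical and constructed for this example.

```php
<?php
// Added illustration: NOT the coercive/xss code. Function names are hypothetical.

/** Decode percent-encoding and HTML entities repeatedly until the value is stable. */
function normalizeUrl(string $url, int $maxRounds = 5): string
{
    for ($i = 0; $i < $maxRounds; $i++) {
        $decoded = html_entity_decode(rawurldecode($url), ENT_QUOTES | ENT_HTML5, 'UTF-8');
        if ($decoded === $url) {
            break; // nothing left to decode
        }
        $url = $decoded;
    }
    return $url;
}

/** True when the normalized URL holds markup characters or a script-capable scheme. */
function looksLikeXss(string $url): bool
{
    $plain = normalizeUrl($url);
    // '<', '>' and quotes can break out of an HTML tag or attribute value.
    if (preg_match('/[<>"\']/', $plain) === 1) {
        return true;
    }
    // Whitespace and control characters are dropped before the scheme is compared.
    $compact = (string) preg_replace('/[\x00-\x20]+/', '', $plain);
    return preg_match('/^(javascript|vbscript|data):/i', $compact) === 1;
}

// Constructed sample inputs (the first one is the README's test URL).
$samples = [
    "https://mywebsite.com/?var='%22><script>alert();</script>",
    "https://mywebsite.com/?var=%253Cb%253E",   // double percent-encoded <b>
    "&#x6A;avascript:alert(1)",                 // entity-encoded scheme
    "https://mywebsite.com/?page=2&sort=asc",   // ordinary query string
];
foreach ($samples as $s) {
    printf("%-60s %s\n", $s, looksLikeXss($s) ? 'flagged' : 'clean');
}
```

A check like this is a coarse input filter; any value written into HTML still needs context-appropriate output encoding such as `htmlspecialchars()`.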