360 webscan中防注入跨站攻击的核心

//get拦截规则$getfilter = "//<.+javascript:window//[.{1}////x|<.*=(&#//d+?;?)+?>|<.*(data|src)=data:text///html.*>|//b(alert//(|confirm//(|exPRession//(|prompt//(|benchmark/s*?//(/d+?|sleep/s*?//([/d/.]+?//)|load_file/s*?//()|<[a-z]+?//b[^>]*?//bon([a-z]{4,})/s*?=|^//+///v(8|9)|//b(and|or)//b//s*?([//(//)'/"//d]+?=[//(//)'/"//d]+?|[//(//)'/"a-zA-Z]+?=[//(//)'/"a-zA-Z]+?|>|<|/s+?[//w]+?//s+?//bin//b//s*?/(|//blike//b//s+?[/"'])|/////*.+?//*///|<//s*script//b|//bEXEC//b|UNION.+?SELECT(//(.+//)|//s+?.+?)|UPDATE(//(.+//)|//s+?.+?)SET|INSERT//s+INTO.+?VALUES|(SELECT|DELETE)(//(.+//)|//s+?.+?//s+?)FROM(//(.+//)|//s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)//s+(TABLE|DATABASE)";//post拦截规则$postfilter = "<.*=(&#//d+?;?)+?>|<.*data=data:text///html.*>|//b(alert//(|confirm//(|expression//(|prompt//(|benchmark/s*?//(/d+?|sleep/s*?//([/d/.]+?//)|load_file/s*?//()|<[^>]*?//b(onerror|onmousemove|onload|onclick|onmouSEOver)//b|//b(and|or)//b//s*?([//(//)'/"//d]+?=[//(//)'/"//d]+?|[//(//)'/"a-zA-Z]+?=[//(//)'/"a-zA-Z]+?|>|<|/s+?[//w]+?//s+?//bin//b//s*?/(|//blike//b//s+?[/"'])|/////*.+?//*///|<//s*script//b|//bEXEC//b|UNION.+?SELECT(//(.+//)|//s+?.+?)|UPDATE(//(.+//)|//s+?.+?)SET|INSERT//s+INTO.+?VALUES|(SELECT|DELETE)(//(.+//)|//s+?.+?//s+?)FROM(//(.+//)|//s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)//s+(TABLE|DATABASE)";//cookie拦截规则$cookiefilter = "benchmark/s*?//(/d+?|sleep/s*?//([/d/.]+?//)|load_file/s*?//(|//b(and|or)//b//s*?([//(//)'/"//d]+?=[//(//)'/"//d]+?|[//(//)'/"a-zA-Z]+?=[//(//)'/"a-zA-Z]+?|>|<|/s+?[//w]+?//s+?//bin//b//s*?/(|//blike//b//s+?[/"'])|/////*.+?//*///|<//s*script//b|//bEXEC//b|UNION.+?SELECT(//(.+//)|//s+?.+?)|UPDATE(//(.+//)|//s+?.+?)SET|INSERT//s+INTO.+?VALUES|(SELECT|DELETE)(//(.+//)|//s+?.+?//s+?)FROM(//(.+//)|//s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)//s+(TABLE|DATABASE)";

不多说。