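/**
 * Recursively sanitise a value against script injection.
 *
 * Arrays are walked element by element and returned with the same keys.
 * Keys themselves are NOT sanitised, so callers that render keys must
 * escape them separately. Scalars go through XSSSecurity::clean(), then a
 * deny-list pass, and finally, unless $do_not_strip_tags is truthy,
 * through trim() and strip_tags().
 *
 * The deny-list is defence in depth only. When $do_not_strip_tags is truthy
 * the result still contains markup and must be escaped for the context it
 * is rendered in (attribute, URL, script).
 *
 * @param mixed $var               Value or (nested) array of values to clean.
 * @param bool  $do_not_strip_tags Truthy keeps HTML tags; falsy strips them.
 *
 * @return mixed Cleaned value; an array (possibly empty) for array input.
 */
public function clean_xss($var, $do_not_strip_tags = false)
{
    // One shared sanitiser instance per request, created on first use.
    static $sec = null;
    if ($sec === null) {
        $sec = new \Microweber\Utils\lib\XSSSecurity();
    }

    if (is_array($var)) {
        // Initialise up front so an empty array yields array() instead of
        // falling off the end of the function and returning null.
        $output = array();
        foreach ($var as $key => $val) {
            $output[$key] = $this->clean_xss($val, $do_not_strip_tags);
        }

        return $output;
    }

    $var = $sec->clean($var);

    // Tokens removed outright (case-insensitive).
    // NOTE(review): the purpose of the trailing "52\" token is not evident
    // from this block; it is kept byte-for-byte.
    $blocked = array(
        '<script>',
        '</script>',
        'javascript:',
        'vbscript:',
        'livescript:',
        'HTTP-EQUIV=',
        "52\\",
    );

    // Repeat until nothing changes. A single pass lets a blocked token be
    // re-formed from the text on either side of a removed token or of a
    // stripped tag. Every changing pass shortens the string, so this ends.
    do {
        $before = $var;
        $var = str_ireplace($blocked, '', $var);
        if (!$do_not_strip_tags) {
            $var = strip_tags(trim($var));
        }
    } while ($var !== $before);

    // Neutralise PHP open/close tags and Microweber module tags that are
    // still present, so they are shown as text rather than interpreted.
    // NOTE(review): as previously written the search and replacement strings
    // were identical, so these four calls did nothing; entity-encoding the
    // angle bracket is the assumed intent. Confirm against upstream.
    $var = str_replace('<?', '&lt;?', $var);
    $var = str_replace('?>', '?&gt;', $var);
    $var = str_ireplace('<module', '&lt;module', $var);
    $var = str_ireplace('<Microweber', '&lt;Microweber', $var);

    return $var;
}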