voku\helper\AntiXSS::_js_removal PHP Method

AntiXSS Class Documentation Show file Open project: voku/anti-xss

_js_removal() private method

Callback method for xss_clean() to sanitize tags. This limits the PCRE backtracks, making it more performance friendly and prevents PREG_BACKTRACK_LIMIT_ERROR from being triggered in PHP 5.2+ on image tag heavy strings.
private _js_removal ( array $match, string $search ) : string
$match array
$search string
return string 
    private function _js_removal($match, $search)
    {
        if (!$match[0]) {
            return '';
        }
        $replacer = preg_replace('#' . $search . '=.*?(?:(?:alert|prompt|confirm)(?:\\((\')*|&\\#40;)|javascript:|view-source:|livescript:|wscript:|vbscript:|mocha:|charset=|window\\.|document\\.|\\.cookie|<script|<xss|base64\\s*,)#si', '', $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])));
        return str_ireplace($match[1], $replacer, $match[0]);
    }
AntiXSS
__construct
_compact_exploded_words
_decode_entity
_do
_do_never_allowed
_do_never_allowed_afterwards
_entity_decode
_filter_attributes
_initNeverAllowedStr
_js_img_removal
_js_link_removal
_js_removal
_sanitize_naughty_html
addEvilAttributes
compact_exploded_javascript
decode_string
make_php_tags_safe
removeEvilAttributes
remove_disallowed_javascript
remove_evil_attributes
sanitize_naughty_html
sanitize_naughty_javascript
setReplacement
setStripe4byteChars
xss_clean
xss_hash