mirror of
https://github.com/pierre42100/ComunicAPI
synced 2024-11-27 07:49:27 +00:00
Added a function to check the security of HTML source
This commit is contained in:
parent
c83fd453a0
commit
4c4d7b854e
@ -69,21 +69,45 @@ function toInt($input) : int{
|
|||||||
/**
|
/**
|
||||||
* Remove HTML markup codes (<, >)
|
* Remove HTML markup codes (<, >)
|
||||||
*
|
*
|
||||||
* @param String $input The string to change
|
* @param string $input The string to change
|
||||||
* @return String The updated string
|
* @return string The updated string
|
||||||
*/
|
*/
|
||||||
function removeHTMLnodes($input){
|
function removeHTMLnodes(string $input) : string {
|
||||||
$output = str_replace("<", "<", $input);
|
$output = str_replace("<", "<", $input);
|
||||||
return str_replace(">", ">", $output);
|
return str_replace(">", ">", $output);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check the security of an HTML string
|
||||||
|
*
|
||||||
|
* @param string $input The string to check
|
||||||
|
* @return bool TRUE if the string is safe to insert / FALSE else
|
||||||
|
*/
|
||||||
|
function checkHTMLstring(string $string) : bool {
|
||||||
|
|
||||||
|
//Check for script or style or meta tag
|
||||||
|
if(str_ireplace(array("<string", "<style", "<meta"), "", $string) != $string)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
//Check for onclick, onkeyup, onmousehover tag
|
||||||
|
if(str_ireplace(array("onclick", "onkeyup", "onmousehover"), "", $string) != $string)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
//Check for images integrated to the post
|
||||||
|
if(preg_match("/data:image/", $string))
|
||||||
|
return false;
|
||||||
|
|
||||||
|
//The message is valid
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check a string before inserting it
|
* Check a string before inserting it
|
||||||
*
|
*
|
||||||
* @param String $string The string to check
|
* @param string $string The string to check
|
||||||
* @return Boolean True if the string is valid / false else
|
* @return bool True if the string is valid / false else
|
||||||
*/
|
*/
|
||||||
function check_string_before_insert($string){
|
function check_string_before_insert(string $string) : bool {
|
||||||
|
|
||||||
//First, empty string are invalid
|
//First, empty string are invalid
|
||||||
if($string == "")
|
if($string == "")
|
||||||
|
Loading…
Reference in New Issue
Block a user