实例:

xss.xml

<?xml version="1.0" encoding="UTF-8"?>
<filters>
    <filter>
        <id>1</id>
        <rule><![CDATA[(?:"[^"]*[^-]?>)|(?:[^\w\s]\s*\/>)|(?:>")]]></rule>
        <description>finds html breaking injections including whitespace attacks</description>
    </filter>

</filters>

 

1.使用$result = simplexml_load_file ( 'xss.xml', 'SimpleXMLElement', LIBXML_NOCDATA );

2.使用$result = getElementByTagName("rule")读取文本,再使用str_replace()用空格替换<![CDATA[( && )]]>,最后使用trim(string,charlist)[charlist=""]删除字符串两端的空格!

posted on 2014-04-18 14:11  milantgh  阅读(675)  评论(0编辑  收藏  举报