360 webscan中防注入跨站攻击的核心，360webscan_PHP教程

<span>//</span><span>get拦截规则</span>
<span>$getfilter</span> = "\<.+javascript:window\[.{1}\\x|<.*=(&#\d+?;?)+?>|<.*(data|src)=data:text\/html.*>|\b(alert\(|confirm\(|expression\(|prompt\(|benchmarks*?\(d+?|sleeps*?\([d.]+?\)|load_files*?\()|<[a-z]+?\b[^>]*?\bon([a-z]{4,})s*?=|^\+\/v(8|9)|\b(and|or)\b\s*?([\(\)'"\d]+?=[\(\)'"\d]+?|[\(\)'"a-zA-Z]+?=[\(\)'"a-zA-Z]+?|>|<|s+?[\w]+?\s+?\bin\b\s*?(|\blike\b\s+?["'])|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT(\(.+\)|\s+?.+?)|UPDATE(\(.+\)|\s+?.+?)SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE)(\(.+\)|\s+?.+?\s+?)FROM(\(.+\)|\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)"<span>;
</span><span>//</span><span>post拦截规则</span>
<span>$postfilter</span> = "<.*=(&#\d+?;?)+?>|<.*data=data:text\/html.*>|\b(alert\(|confirm\(|expression\(|prompt\(|benchmarks*?\(d+?|sleeps*?\([d.]+?\)|load_files*?\()|<[^>]*?\b(onerror|onmousemove|onload|onclick|onmouseover)\b|\b(and|or)\b\s*?([\(\)'"\d]+?=[\(\)'"\d]+?|[\(\)'"a-zA-Z]+?=[\(\)'"a-zA-Z]+?|>|<|s+?[\w]+?\s+?\bin\b\s*?(|\blike\b\s+?["'])|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT(\(.+\)|\s+?.+?)|UPDATE(\(.+\)|\s+?.+?)SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE)(\(.+\)|\s+?.+?\s+?)FROM(\(.+\)|\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)"<span>;
</span><span>//</span><span>cookie拦截规则</span>
<span>$cookiefilter</span> = "benchmarks*?\(d+?|sleeps*?\([d.]+?\)|load_files*?\(|\b(and|or)\b\s*?([\(\)'"\d]+?=[\(\)'"\d]+?|[\(\)'"a-zA-Z]+?=[\(\)'"a-zA-Z]+?|>|<|s+?[\w]+?\s+?\bin\b\s*?(|\blike\b\s+?["'])|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT(\(.+\)|\s+?.+?)|UPDATE(\(.+\)|\s+?.+?)SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE)(\(.+\)|\s+?.+?\s+?)FROM(\(.+\)|\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";