<?php /** * Xss Class * * Created on 2011. 11. 16. * @author 불의회상 <hoksi2k@hanmail.net> * @package library * @subpackage controllers * @version 1.0 */ class Xss_lib extends CI_Controller { function __construct() { parent::__construct(); } function index() { $data = array(); if($this->input->post('test')) { $data['no_xss'] = $this->input->post('test'); // XSS를 수동으로 처리 $data['xss_clean'] = $this->security->xss_clean($this->input->post('test')); // 두번째 인자를 TRUE로 한 경우 안전한 이미지 인지 확인 // $data['safe_image'] = $this->security->xss_clean(); // $this->input->post의 경우 두번째 인자를 TRUE로 설정하여 XSS를 처리 가능 $data['post_xss'] = $this->input->post('test', TRUE); // 안전한 파일명 가져오기 } $this->load->view('xss_lib_sample', $data); } }
<?php $this->load->view('inc/header')?> <table class="tablesorter" border="0" cellpadding="0" cellspacing="1"> <thead> <tr> <th style="text-align:center" colspan="2">Test 데이타</th> </tr> </thead> <form method="post" action="<?=site_url('xss_lib')?>"> <tr> <td>XSS 가능 데이타</td> <td> <textarea name="test" rows="8" class="input-block-level"><a href="<a target="_blank" class="con_link" href="http://sample.com/comment.cgi?comment=<script>악성코드</script>" target="_blank">http://sample.com/comment.cgi?comment=<script>악성코드</script></a>"> Click here</a> <iframe src=<a target="_blank" class="con_link" href="http://sample.com/~bbs/hack.htm" >http://sample.com/~bbs/hack.htm</a> <font color="#000000"><span style="FONT-FAMILY: 957317_9; FONT-SIZE: 9pt">name</span></font>="Click here" width=0 heigth=0frameborder=0></iframe></textarea><br/> <input type="submit"/> </td> </tr> </form> <?php if($this->input->post('test')):?> <thead> <tr> <th style="text-align:center" width="20%">구분</th> <th width="80%">결과</th> </tr> </thead> <tr> <td>$this->input->post('test')</td> <td><textarea rows="8" class="input-block-level"><?php echo $no_xss?></textarea></td> </tr> <tr> <td>$this->security->xss_clean($this->input->post('test'))</td> <td><textarea rows="8" class="input-block-level"><?php echo $xss_clean?></textarea></td> </tr> <tr> <td>$this->input->post('test', TRUE)</td> <td><textarea rows="8" class="input-block-level"><?php echo $xss_clean?></textarea></td> </tr> <?php endif;?> </table> <?php $this->load->view('inc/footer')?>
© Copyright by hoksi(Page rendered in 0.0056 seconds)