function cleanJs($text){ $text = trim ( $text ); $text = stripslashes ( $text ); //完全过滤注释 $text = preg_replace ( '/<!--?.*-->/', '', $text ); //完全过滤动态代码 $text = preg_replace ( '/<\?|\?>/', '', $text ); //完全过滤js /* $text = preg_replace ( '/<script?.*\/script>/', '', $text ); */ //过滤多余html $text = preg_replace ( '/<\/?(html|head|meta|link|base|body|title|style|script|form|iframe|frame|frameset)[^><]*>/i', '', $text ); //过滤on事件lang js while ( preg_match ( '/(<[^><]+)(lang|onfinish|onmouse|onexit|onerror|onclick|onkey|onload|onchange|onfocus|onblur)[^><]+/i', $text, $mat ) ){ $text = str_replace ( $mat [0], $mat [1], $text ); } while ( preg_match ( '/(<[^><]+)(window\.|javascript:|js:|about:|file:|document\.|vbs:|cookie)([^><]*)/i', $text, $mat ) ){ $text = str_replace ( $mat [0], $mat [1] . $mat [3], $text ); } return $text;}