危险字符过滤的类
using
System;
using
System.IO;
using
System.Text;
using
System.Text.RegularExpressions;
using
System.Runtime.Remoting;
using
System.Runtime.Remoting.Proxies;
using
System.Runtime.Remoting.Messaging;
using
System.Reflection;
namespace
FilterRealProxy
{
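/// <summary>
/// FilterRealProxy: a real proxy that intercepts the return value of every method invoked through it
/// and, when the invoked method is decorated with <see cref="StringFilter"/> and returned a string,
/// runs that string through <see cref="FilterHandler.Process"/> before handing it back to the caller.
/// </summary>
public class FilterRealProxy : RealProxy
{
    // The real object being proxied; every call is executed against it unchanged.
    private MarshalByRefObject target;

    /// <summary>Creates a proxy for <paramref name="target"/>, typed as the target's runtime type.</summary>
    /// <param name="target">The object whose string results should be filtered.</param>
    /// <exception cref="ArgumentNullException">when <paramref name="target"/> is null.</exception>
    public FilterRealProxy(MarshalByRefObject target) : base(TypeOfTarget(target))
    {
        this.target = target;
    }

    // The base(...) call runs before the constructor body, so the null check has to live in a helper;
    // the original called target.GetType() directly and failed with a NullReferenceException instead.
    private static Type TypeOfTarget(MarshalByRefObject target)
    {
        if (target == null)
        {
            throw new ArgumentNullException("target");
        }
        return target.GetType();
    }

    /// <summary>Executes <paramref name="msg"/> on the target and filters the result when it is a string.</summary>
    /// <param name="msg">The call message forwarded by the transparent proxy.</param>
    /// <returns>The target's own return message, or a new one carrying the filtered string.</returns>
    /// <exception cref="ArgumentException">when <paramref name="msg"/> is not an <see cref="IMethodCallMessage"/>.</exception>
    public override IMessage Invoke(IMessage msg)
    {
        IMethodCallMessage callMsg = msg as IMethodCallMessage;
        if (callMsg == null)
        {
            // The original passed the null result of the 'as' cast straight on and failed later with a
            // NullReferenceException; reject it here with a message that names the cause.
            throw new ArgumentException("FilterRealProxy can only dispatch IMethodCallMessage instances.", "msg");
        }
        IMethodReturnMessage returnMsg = RemotingServices.ExecuteMessage(target, callMsg);
        // Only string results are filtered; a null or non-string result is passed back exactly as received.
        if (!this.IsMatchType(returnMsg.ReturnValue))
        {
            return returnMsg;
        }
        // Resolve the attribute from the MethodBase of the call itself rather than by name, so an
        // overloaded method name does not make GetMethod throw AmbiguousMatchException.
        string returnValue = this.FilterByMethod((string)returnMsg.ReturnValue, callMsg.MethodBase);
        // Carry over the out/ref arguments and the call context from the real return message; the
        // original rebuilt the message with null/0 for them, which silently dropped any out parameters.
        return new ReturnMessage(returnValue, returnMsg.OutArgs, returnMsg.OutArgCount,
            returnMsg.LogicalCallContext, callMsg);
    }

    /// <summary>
    /// Filters <paramref name="ReturnValue"/> according to the <see cref="StringFilter"/> attribute on the
    /// target's public method called <paramref name="MethodName"/>.
    /// </summary>
    /// <param name="ReturnValue">The string the target method returned.</param>
    /// <param name="MethodName">Name of the invoked method; looked up on the target's type with GetMethod,
    /// which throws <see cref="AmbiguousMatchException"/> when the name is overloaded.</param>
    /// <returns>The filtered string, or the input unchanged when the method carries no StringFilter.</returns>
    /// <exception cref="ArgumentException">when the target has no public method of that name.</exception>
    protected string Filter(string ReturnValue, string MethodName)
    {
        MethodInfo methodInfo = target.GetType().GetMethod(MethodName);
        if (methodInfo == null)
        {
            // The original dereferenced the null and threw a NullReferenceException.
            throw new ArgumentException(
                "No public method named '" + MethodName + "' on " + target.GetType().FullName + ".",
                "MethodName");
        }
        return FilterByMethod(ReturnValue, methodInfo);
    }

    /// <summary>
    /// Filters <paramref name="ReturnValue"/> according to the <see cref="StringFilter"/> attribute on
    /// <paramref name="method"/>; <see cref="Invoke"/> uses this overload so that no by-name lookup is needed.
    /// </summary>
    /// <param name="ReturnValue">The string the target method returned.</param>
    /// <param name="method">The method that produced it.</param>
    /// <returns>The filtered string, or the input unchanged when the method carries no StringFilter.</returns>
    /// <exception cref="ArgumentNullException">when <paramref name="method"/> is null.</exception>
    protected string FilterByMethod(string ReturnValue, MethodBase method)
    {
        if (method == null)
        {
            throw new ArgumentNullException("method");
        }
        object[] attributes = method.GetCustomAttributes(typeof(StringFilter), true);
        if (attributes.Length == 0)
        {
            return ReturnValue;
        }
        // Only the first StringFilter is honoured, exactly as the original's foreach-with-return did;
        // filter types are not combined.
        return FilterHandler.Process(((StringFilter)attributes[0]).FilterType, ReturnValue);
    }

    /// <summary>True when <paramref name="obj"/> is a <see cref="System.String"/>; only such results are filtered.</summary>
    /// <param name="obj">A return value, possibly null.</param>
    /// <returns>Whether the value is a string (false for null).</returns>
    protected bool IsMatchType(object obj)
    {
        return obj is System.String;
    }
}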
/// <summary>
/// StringFilter: a custom attribute that records which <see cref="FilterType"/> is to be applied to the
/// string returned by the method it decorates; FilterRealProxy reads it with GetCustomAttributes.
/// </summary>
public class StringFilter : Attribute
{
    // Left protected (and writable) so that derived attribute classes can still reach it.
    protected FilterType _filterType;

    /// <summary>Creates the attribute for the given filter type.</summary>
    /// <param name="filterType">The kind of filtering to apply to the decorated method's result.</param>
    public StringFilter(FilterType filterType)
    {
        _filterType = filterType;
    }

    /// <summary>The filter type this attribute was constructed with.</summary>
    public FilterType FilterType
    {
        get { return _filterType; }
    }
}
/// <summary>
/// Enumeration used to select a filter type, e.g. whether to filter script or to filter html.
/// </summary>
/// <remarks>
/// Tagged [Flags], but the members are consecutive integers rather than powers of two, so they do not
/// combine: Script | Html has the value 3, which is Object. FilterHandler.Process matches these members
/// with a plain switch, so any combined value reaches its default case and the content is returned
/// unfiltered. Use one member per StringFilter attribute, or All.
/// </remarks>
[Flags()]
public enum FilterType
{
    Script = 1,        // FilterHandler.FilterScript: script elements, HTML comments, event attributes
    Html = 2,          // FilterHandler.FilterHtml: FilterScript, then every remaining tag
    Object = 3,        // FilterHandler.FilterObject: <object> elements
    AHrefScript = 4,   // FilterHandler.FilterAHrefScript: FilterScript, then href=...script:
    Iframe = 5,        // FilterHandler.FilterIframe: <iframe> elements
    Frameset = 6,      // FilterHandler.FilterFrameset: <frameset> elements
    Src = 7,           // FilterHandler.FilterSrc: FilterScript, then src attributes naming script files
    BadWords = 8,      // FilterHandler.FilterBadWords: masks the listed words with '*'
    // Include=9,      -- left commented out by the author; FilterInclude in FilterHandler is commented out too
    All = 16           // FilterHandler.FilterAll: every filter above, in turn
}
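/// <summary>
/// FilterHandler: maps a <see cref="FilterType"/> to the matching regular-expression filter and applies it.
/// Every filter is a denylist of patterns run over the raw markup with <see cref="Regex"/>; none of them
/// parses HTML, so each removes only the constructs its own pattern names and leaves the rest untouched.
/// Treat them as defence in depth rather than as a replacement for encoding at the output layer.
/// </summary>
public class FilterHandler
{
    // Static utility holder; the private constructor keeps it from being instantiated.
    private FilterHandler()
    {
    }

    /// <summary>Applies the filter selected by <paramref name="filterType"/> to <paramref name="filterContent"/>.</summary>
    /// <param name="filterType">The filter to run. Only the enum's named members are handled; the enum is
    /// tagged [Flags] but its values are not bit flags, so a combined value matches no case.</param>
    /// <param name="filterContent">The text to filter.</param>
    /// <returns>The filtered text, or the input unchanged for a value no case handles.</returns>
    /// <exception cref="ArgumentNullException">when <paramref name="filterContent"/> is null and a filter runs.</exception>
    public static string Process(FilterType filterType, string filterContent)
    {
        switch (filterType)
        {
            case FilterType.Script:
                return FilterScript(filterContent);
            case FilterType.Html:
                return FilterHtml(filterContent);
            case FilterType.Object:
                return FilterObject(filterContent);
            case FilterType.AHrefScript:
                return FilterAHrefScript(filterContent);
            case FilterType.Iframe:
                return FilterIframe(filterContent);
            case FilterType.Frameset:
                return FilterFrameset(filterContent);
            case FilterType.Src:
                return FilterSrc(filterContent);
            // FilterType.Include and FilterInclude are both commented out in this file, so there is no case for them.
            case FilterType.BadWords:
                return FilterBadWords(filterContent);
            case FilterType.All:
                return FilterAll(filterContent);
            default:
                // Unknown or combined values pass through unfiltered (fail-open), as in the original;
                // callers that need a guarantee must pass a single named member or FilterType.All.
                return filterContent;
        }
    }

    /// <summary>
    /// Removes HTML comments and complete &lt;script&gt;...&lt;/script&gt; elements, then strips inline
    /// event-handler attributes and javascript: hrefs from the tags that remain.
    /// </summary>
    /// <param name="content">Raw markup.</param>
    /// <returns>The markup with those constructs removed.</returns>
    /// <exception cref="ArgumentNullException">when <paramref name="content"/> is null (raised by Regex).</exception>
    public static string FilterScript(string content)
    {
        // Whole HTML comments go, so anything hidden inside a comment goes with them.
        string commentPattern = @"(?'comment'<!--.*?--[ \n\r]*>)";
        // A /* */ or // comment inside the script body is consumed as one unit, which looks intended to
        // keep a </script> written inside such a comment from ending the match early.
        string embeddedScriptComments = @"(\/\*.*?\*\/|\/\/.*?[\n\r])";
        // Script body: lazily, either an embedded comment or one character, up to the first closing tag.
        // NOTE(review): the original wrote the body as (.*?{0}?)*, a nested quantifier that backtracks
        // exponentially on an unterminated <script — a denial-of-service risk on untrusted input. This
        // alternation is meant to accept the same spans without that blow-up; confirm against existing inputs.
        string scriptPattern = String.Format(
            @"(?'script'<[ \n\r]*script[^>]*>(?:{0}|.)*?<[ \n\r]*/script[^>]*>)",
            embeddedScriptComments);
        // (?s) lets '.' cross line breaks so multi-line comments and scripts are matched.
        string pattern = String.Format(@"(?s)({0}|{1})", commentPattern, scriptPattern);
        string stripped = Regex.Replace(content, pattern, string.Empty, RegexOptions.IgnoreCase);
        return StripScriptAttributesFromTags(stripped);
    }

    /// <summary>
    /// Removes inline event-handler attributes (onclick, onload, ...) and href attributes whose value
    /// starts with "javascript" from every tag in <paramref name="content"/>.
    /// </summary>
    /// <param name="content">Markup, normally already stripped of script elements.</param>
    /// <returns>The markup with those attributes removed.</returns>
    private static string StripScriptAttributesFromTags(string content)
    {
        string eventAttribs = @"on(blur|c(hange|lick)|dblclick|focus|keypress|(key|mouse)(down|up)|(un)?load|mouse(move|o(ut|ver))|reset|s(elect|ubmit))";
        // (?i) case-insensitive; (?n) only named groups capture; (?x) whitespace in the pattern is ignored.
        // Each offending attribute is captured as 'attribute', once per occurrence within the tag. The
        // quote that opened the value is captured as 'delim' and must close it; the original wrote that
        // backreference as \3, which under (?n) appears to resolve to the same group as \k'delim'.
        string pattern = String.Format(
            @"(?inx)
              \<(\w+)\s+
              (
                (?'attribute'
                  (?'attributeName'{0})\s*=\s*
                  (?'delim'['""]?)
                  (?'attributeValue'[^'"">]+)
                  \k'delim'
                )
                |
                (?'attribute'
                  (?'attributeName'href)\s*=\s*
                  (?'delim'['""]?)
                  (?'attributeValue'javascript[^'"">]+)
                  \k'delim'
                )
                |
                [^>]
              )*
              \>",
            eventAttribs);
        Regex re = new Regex(pattern);
        // The MatchEvaluator delegate rewrites each matched tag.
        return re.Replace(content, new MatchEvaluator(StripAttributesHandler));
    }

    /// <summary>Rewrites one matched tag with every captured 'attribute' removed.</summary>
    /// <param name="m">A match of the pattern built in StripScriptAttributesFromTags.</param>
    /// <returns>The tag text without the captured attributes, or unchanged when none was captured.</returns>
    private static string StripAttributesHandler(Match m)
    {
        Group attribute = m.Groups["attribute"];
        if (!attribute.Success)
        {
            return m.Value;
        }
        string tag = m.Value;
        // The group captures once per offending attribute. The original read only .Value, i.e. the last
        // capture, so a tag carrying two event handlers kept the first one; remove every capture instead.
        foreach (Capture capture in attribute.Captures)
        {
            tag = tag.Replace(capture.Value, "");
        }
        return tag;
    }

    /// <summary>Runs <see cref="FilterScript"/> and then removes any "href=...script:" sequence.</summary>
    /// <remarks>
    /// The pattern's [\s\S]* is greedy, so the removed span runs from the first href= to the last
    /// "script :" in the text and can take unrelated markup with it. The leading [ ^=]* is a character
    /// class of space, caret and '=' as written by the author (perhaps [^=]* was meant); left as is.
    /// </remarks>
    /// <param name="content">Raw markup.</param>
    /// <returns>The cleaned markup.</returns>
    public static string FilterAHrefScript(string content)
    {
        string cleaned = FilterScript(content);
        string hrefScript = @"href[ ^=]*= *[\s\S]*script *:";
        return Regex.Replace(cleaned, hrefScript, string.Empty, RegexOptions.IgnoreCase);
    }

    /// <summary>
    /// Runs <see cref="FilterScript"/> and then removes quoted src attributes whose value ends in one of
    /// the listed script/server-page extensions.
    /// </summary>
    /// <param name="content">Raw markup.</param>
    /// <returns>The cleaned markup.</returns>
    public static string FilterSrc(string content)
    {
        string cleaned = FilterScript(content);
        // Requires a closing quote; an unquoted src value is not matched by this pattern.
        string srcScript = @"src *= *['""]?[^\.]+\.(js|vbs|asp|aspx|php|jsp)['""]";
        return Regex.Replace(cleaned, srcScript, string.Empty, RegexOptions.IgnoreCase);
    }

    /* Left commented out by the author; FilterType.Include is commented out in the enum as well.
    public static string FilterInclude(string content)
    {
        string newstr=FilterScript(content);
        string regexstr=@"<[\s\S]*include *(file|virtual) *= *[\s\S]*\.(js|vbs|asp|aspx|php|jsp)[^>]*>";
        return Regex.Replace(newstr,regexstr,string.Empty,RegexOptions.IgnoreCase);
    }
    */

    /// <summary>Runs <see cref="FilterScript"/> and then removes every remaining tag.</summary>
    /// <param name="content">Raw markup.</param>
    /// <returns>The text with all tags removed.</returns>
    public static string FilterHtml(string content)
    {
        string cleaned = FilterScript(content);
        string anyTag = @"<[^>]*>";
        return Regex.Replace(cleaned, anyTag, string.Empty, RegexOptions.IgnoreCase);
    }

    /// <summary>Removes &lt;object&gt; elements together with their content.</summary>
    /// <param name="content">Raw markup.</param>
    /// <returns>The cleaned markup.</returns>
    public static string FilterObject(string content)
    {
        return RemoveElement(content, "Object");
    }

    /// <summary>Removes &lt;iframe&gt; elements together with their content.</summary>
    /// <param name="content">Raw markup.</param>
    /// <returns>The cleaned markup.</returns>
    public static string FilterIframe(string content)
    {
        return RemoveElement(content, "Iframe");
    }

    /// <summary>Removes &lt;frameset&gt; elements together with their content.</summary>
    /// <param name="content">Raw markup.</param>
    /// <returns>The cleaned markup.</returns>
    public static string FilterFrameset(string content)
    {
        return RemoveElement(content, "Frameset");
    }

    // Shared by FilterObject/FilterIframe/FilterFrameset, which differed only in the tag name.
    // The body match is greedy, so the span runs from the first opening tag to the LAST closing tag,
    // as in the original; (?s).* replaces the original's slower but equivalent (\w|\W)*.
    private static string RemoveElement(string content, string tagName)
    {
        string pattern = String.Format(@"(?is)<{0}[^>]*>.*</{0}[^>]*>", tagName);
        return Regex.Replace(content, pattern, string.Empty, RegexOptions.IgnoreCase);
    }

    /// <summary>Masks each entry of the bad-word list with asterisks.</summary>
    /// <remarks>
    /// Entries are separated by '#' (the code splits on '#', although the author's comment mentioned '|')
    /// and each entry is a regular expression. The list is empty here because the author's blog did not
    /// allow the words to be posted. Every occurrence of an entry is replaced by a run of '*' as long as
    /// the FIRST occurrence in the text, so later occurrences of a different length get the same width.
    /// </remarks>
    /// <param name="chkStr">The text to mask.</param>
    /// <returns>The masked text; an empty string for empty input.</returns>
    /// <exception cref="ArgumentNullException">when <paramref name="chkStr"/> is null.</exception>
    private static string FilterBadWords(string chkStr)
    {
        if (chkStr == null)
        {
            // The original reached Regex.Match(null) and threw the same exception; make it explicit.
            throw new ArgumentNullException("chkStr");
        }
        // Add the entries here, separated by '#'; regular expressions are allowed.
        string BadWords = @"";
        if (chkStr == "")
        {
            return "";
        }
        RegexOptions options = RegexOptions.IgnoreCase | RegexOptions.Singleline | RegexOptions.Multiline;
        string[] bwords = BadWords.Split('#');
        for (int i = 0; i < bwords.Length; i++)
        {
            string regStr = bwords[i].Trim();
            if (regStr.Length == 0)
            {
                // An empty entry (always the case with the empty list above) compiles to a pattern that
                // matches the empty string; replacing that with "" is a no-op, so skip the work.
                continue;
            }
            Match m = Regex.Match(chkStr, regStr, options);
            if (m.Success)
            {
                string mask = new string('*', m.Value.Length);
                chkStr = Regex.Replace(chkStr, regStr, mask, options);
            }
        }
        return chkStr;
    }

    /// <summary>Applies every filter in turn: Html, Script, AHrefScript, Object, Iframe, Frameset, Src, BadWords.</summary>
    /// <param name="content">Raw markup.</param>
    /// <returns>The fully filtered text.</returns>
    public static string FilterAll(string content)
    {
        content = FilterHtml(content);
        content = FilterScript(content);
        content = FilterAHrefScript(content);
        content = FilterObject(content);
        content = FilterIframe(content);
        content = FilterFrameset(content);
        content = FilterSrc(content);
        content = FilterBadWords(content);
        // content = FilterInclude(content);  -- FilterInclude is commented out above.
        return content;
    }
}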
}
原文地址:https://www.cnblogs.com/ghd258/p/354970.html