zoukankan      html  css  js  c++  java
  • XSS漏洞字符串过滤 狼

            public string wipescript(string html)
            {
              
                System.Text.RegularExpressions.Regex regex1 = new System.Text.RegularExpressions.Regex(@"<script[\s\s]+</script *>",  System.Text.RegularExpressions.RegexOptions.IgnoreCase);
                System.Text.RegularExpressions.Regex regex2 = new System.Text.RegularExpressions.Regex(@" href *= *[\s\s]*script *:",  System.Text.RegularExpressions.RegexOptions.IgnoreCase);
                System.Text.RegularExpressions.Regex regex3 = new System.Text.RegularExpressions.Regex(@" on[\s\s]*=",  System.Text.RegularExpressions.RegexOptions.IgnoreCase);
                System.Text.RegularExpressions.Regex regex4 = new System.Text.RegularExpressions.Regex(@"<iframe[\s\s]+</iframe *>",  System.Text.RegularExpressions.RegexOptions.IgnoreCase);
                System.Text.RegularExpressions.Regex regex5 = new System.Text.RegularExpressions.Regex(@"<frameset[\s\s]+</frameset *>",  System.Text.RegularExpressions.RegexOptions.IgnoreCase);
                html = regex1.Replace(html, ""); //过滤<script></script>标记
                html = regex2.Replace(html, ""); //过滤href=javascript: (<a>) 属性
                html = regex3.Replace(html, " _disibledevent="); //过滤其它控件的on...事件
                html = regex4.Replace(html, ""); //过滤iframe
                html = regex5.Replace(html, ""); //过滤frameset
                return html;
            }
  • 相关阅读:
    程序人生,编程思想
    CentOS Linux Jenkins安装、部署、更新
    Git常用命令
    U盘安装Mac OS X要点
    Shell执行*.sql
    WebStorm远程调试Node.js
    svn常用命令
    敏捷开发相关编辑思想(SOA、DDD、REST、CQRS)
    VisualVM远程监控Java
    centos搭建git服务
  • 原文地址:https://www.cnblogs.com/gowhy/p/2089208.html
Copyright © 2011-2022 走看看