zoukankan
html css js c++ java
危险字符过滤的类(转)
using
System;
using
System.IO;
using
System.Text;
using
System.Text.RegularExpressions;
using
System.Runtime.Remoting;
using
System.Runtime.Remoting.Proxies;
using
System.Runtime.Remoting.Messaging;
using
System.Reflection;
namespace
FilterRealProxy
{
/**/
/**/
/**/
///
<summary>
///
FilterRealProxy类:一个真实代理, 拦截它所代理对象中方法的返回值,并对需要过滤的返回值进行过滤。
///
</summary>
public
class
FilterRealProxy:RealProxy
{
private
MarshalByRefObject target;
public
FilterRealProxy(MarshalByRefObject target):
base
(target.GetType())
{
this
.target
=
target;
}
public
override
IMessage Invoke(IMessage msg)
{
IMethodCallMessage callMsg
=
msg
as
IMethodCallMessage;
IMethodReturnMessage returnMsg
=
RemotingServices.ExecuteMessage(target,callMsg);
//
检查返回值是否为String,如果不是String,就没必要进行过滤
if
(
this
.IsMatchType(returnMsg.ReturnValue))
{
string
returnValue
=
this
.Filter(returnMsg.ReturnValue.ToString(),returnMsg.MethodName);
return
new
ReturnMessage(returnValue,
null
,
0
,
null
,callMsg);
}
return
returnMsg;
}
protected
string
Filter(
string
ReturnValue,
string
MethodName)
{
MethodInfo methodInfo
=
target.GetType().GetMethod(MethodName);
object
[] attributes
=
methodInfo.GetCustomAttributes(
typeof
(StringFilter),
true
);
foreach
(
object
attrib
in
attributes)
{
return
FilterHandler.Process(((StringFilter)attrib).FilterType,ReturnValue);
}
return
ReturnValue;
}
protected
bool
IsMatchType(
object
obj)
{
return
obj
is
System.String;
}
}
/**/
/**/
/**/
///
<summary>
///
StringFilter类:自定义属性类, 定义目标元素的过滤类型
///
</summary>
public
class
StringFilter:Attribute
{
protected
FilterType _filterType;
public
StringFilter(FilterType filterType)
{
this
._filterType
=
filterType;
}
public
FilterType FilterType
{
get
{
return
_filterType;
}
}
}
/**/
/**/
/**/
///
<summary>
///
枚举类:用于指定过滤类型,例如:对script过滤还是对html进行过滤?
///
</summary>
[Flags()]
public
enum
FilterType
{
Script
=
1
,
Html
=
2
,
Object
=
3
,
AHrefScript
=
4
,
Iframe
=
5
,
Frameset
=
6
,
Src
=
7
,
BadWords
=
8
,
//
Include=9,
All
=
16
}
/**/
/**/
/**/
///
<summary>
///
过滤处理类:根据过滤类型,调用相应的过滤处理方法。
///
</summary>
public
class
FilterHandler
{
private
FilterHandler()
{
}
public
static
string
Process(FilterType filterType,
string
filterContent)
{
switch
(filterType)
{
case
FilterType.Script:
filterContent
=
FilterScript(filterContent);
break
;
case
FilterType.Html:
filterContent
=
FilterHtml(filterContent);
break
;
case
FilterType.Object:
filterContent
=
FilterObject(filterContent);
break
;
case
FilterType.AHrefScript:
filterContent
=
FilterAHrefScript(filterContent);
break
;
case
FilterType.Iframe:
filterContent
=
FilterIframe(filterContent);
break
;
case
FilterType.Frameset:
filterContent
=
FilterFrameset(filterContent);
break
;
case
FilterType.Src:
filterContent
=
FilterSrc(filterContent);
break
;
//
case FilterType.Include:
//
filterContent=FilterInclude(filterContent);
//
break;
case
FilterType.BadWords:
filterContent
=
FilterBadWords(filterContent);
break
;
case
FilterType.All:
filterContent
=
FilterAll(filterContent);
break
;
default
:
//
do nothing
break
;
}
return
filterContent;
}
public
static
string
FilterScript(
string
content)
{
string
commentPattern
=
@"
(?'comment'<!--.*?--[ \n\r]*>)
"
;
string
embeddedScriptComments
=
@"
(\/\*.*?\*\/|\/\/.*?[\n\r])
"
;
string
scriptPattern
=
String.Format(
@"
(?'script'<[ \n\r]*script[^>]*>(.*?{0}?)*<[ \n\r]*/script[^>]*>)
"
, embeddedScriptComments ) ;
//
包含注释和Script语句
string
pattern
=
String.Format(
@"
(?s)({0}|{1})
"
, commentPattern, scriptPattern) ;
return
StripScriptAttributesFromTags(Regex.Replace(content,pattern,
string
.Empty,RegexOptions.IgnoreCase));
}
private
static
string
StripScriptAttributesFromTags(
string
content )
{
string
eventAttribs
=
@"
on(blur|c(hange|lick)|dblclick|focus|keypress|(key|mouse)(down|up)|(un)?load
|mouse(move|o(ut|ver))|reset|s(elect|ubmit))
"
;
string
pattern
=
String.Format(
@"
(?inx)
\<(\w+)\s+
(
(?'attribute'
(?'attributeName'{0})\s*=\s*
(?'delim'['""]?)
(?'attributeValue'[^'"">]+)
(\3)
)
|
(?'attribute'
(?'attributeName'href)\s*=\s*
(?'delim'['""]?)
(?'attributeValue'javascript[^'"">]+)
(\3)
)
|
[^>]
)*
\>
"
, eventAttribs ) ;
Regex re
=
new
Regex( pattern ) ;
//
使用MatchEvaluator的委托
return
re.Replace( content,
new
MatchEvaluator( StripAttributesHandler ) ) ;
}
private
static
string
StripAttributesHandler( Match m )
{
if
( m.Groups[
"
attribute
"
].Success )
{
return
m.Value.Replace( m.Groups[
"
attribute
"
].Value,
""
) ;
}
else
{
return
m.Value ;
}
}
public
static
string
FilterAHrefScript(
string
content)
{
string
newstr
=
FilterScript(content);
string
regexstr
=
@"
href[ ^=]*= *[\s\S]*script *:
"
;
return
Regex.Replace(newstr,regexstr,
string
.Empty,RegexOptions.IgnoreCase);
}
public
static
string
FilterSrc(
string
content)
{
string
newstr
=
FilterScript(content);
string
regexstr
=
@"
src *= *['""]?[^\.]+\.(js|vbs|asp|aspx|php|jsp)['""]
"
;
return
Regex.Replace(newstr,regexstr,
@""
,RegexOptions.IgnoreCase);
}
/**/
/**/
/**/
/*
public static string FilterInclude(string content)
{
string newstr=FilterScript(content);
string regexstr=@"<[\s\S]*include *(file|virtual) *= *[\s\S]*\.(js|vbs|asp|aspx|php|jsp)[^>]*>";
return Regex.Replace(newstr,regexstr,string.Empty,RegexOptions.IgnoreCase);
}
*/
public
static
string
FilterHtml(
string
content)
{
string
newstr
=
FilterScript(content);
string
regexstr
=
@"
<[^>]*>
"
;
return
Regex.Replace(newstr,regexstr,
string
.Empty,RegexOptions.IgnoreCase);
}
public
static
string
FilterObject(
string
content)
{
string
regexstr
=
@"
(?i)<Object([^>])*>(\w|\W)*</Object([^>])*>
"
;
return
Regex.Replace(content,regexstr,
string
.Empty,RegexOptions.IgnoreCase);
}
public
static
string
FilterIframe(
string
content)
{
string
regexstr
=
@"
(?i)<Iframe([^>])*>(\w|\W)*</Iframe([^>])*>
"
;
return
Regex.Replace(content,regexstr,
string
.Empty,RegexOptions.IgnoreCase);
}
public
static
string
FilterFrameset(
string
content)
{
string
regexstr
=
@"
(?i)<Frameset([^>])*>(\w|\W)*</Frameset([^>])*>
"
;
return
Regex.Replace(content,regexstr,
string
.Empty,RegexOptions.IgnoreCase);
}
//
移除非法或不友好字符
private
static
string
FilterBadWords(
string
chkStr)
{
//
这里的非法和不友好字符由你任意加,用“|”分隔,支持正则表达式,由于本Blog禁止贴非法和不友好字符,所以这里无法加上。
string
BadWords
=
@""
;
if
(chkStr
==
""
)
{
return
""
;
}
string
[] bwords
=
BadWords.Split(
'
#
'
);
int
i,j;
string
str;
StringBuilder sb
=
new
StringBuilder();
for
(i
=
0
; i
<
bwords.Length; i
++
)
{
str
=
bwords[i].ToString().Trim();
string
regStr,toStr;
regStr
=
str;
Regex r
=
new
Regex(regStr,RegexOptions.IgnoreCase
|
RegexOptions.Singleline
|
RegexOptions.Multiline);
Match m
=
r.Match(chkStr);
if
(m.Success)
{
j
=
m.Value.Length;
sb.Insert(
0
,
"
*
"
,j);
toStr
=
sb.ToString();
chkStr
=
Regex.Replace(chkStr,regStr,toStr,RegexOptions.IgnoreCase
|
RegexOptions.Singleline
|
RegexOptions.Multiline);
}
sb.Remove(
0
,sb.Length);
}
return
chkStr;
}
public
static
string
FilterAll(
string
content)
{
content
=
FilterHtml(content);
content
=
FilterScript(content);
content
=
FilterAHrefScript(content);
content
=
FilterObject(content);
content
=
FilterIframe(content);
content
=
FilterFrameset(content);
content
=
FilterSrc(content);
content
=
FilterBadWords(content);
//
content = FilterInclude(content);
return
content;
}
}
}
查看全文
相关阅读:
spring整合mybatis的事物管理配置
平庸久了,是会上瘾的
kafka基本概念
JMS编程模型
aop的基本概念
事务的隔离级别和传播行为
IntelliJ IDEA 导入Project
[PowerShell]列出檔案與資料夾的資訊
[powershell]统计目录大小
[powershell]有关IP的设置
原文地址:https://www.cnblogs.com/meiproject/p/760146.html
最新文章
6.4hadoop idea本地运行器测试
Hadoop 3.2.1 win10 64位系统 vs2015 编译
QTabWidget TabBar 右侧背景色设置和QTabWidget 样式设置
6.3 MRUnit写Mapper和Reduce的单元测试
6.2.2 辅助类GenericOptionsParser,Tool和ToolRunner深入解析
6.1Hadoop属性Configuration配置API
5.4.2 mapFile读写和索引
5.4.1 sequenceFile读写文件、记录边界、同步点、压缩排序、格式
移位运算符(JAVA)
如何保证ArrayList线程安全
热门文章
四种读写方案IO流 (JAVA)
过滤,绑定及动画
Java正则抓取Email
URL和URI的区别
适配器模式(接口)
单例 (JAVA)
SQL编程
有关静态方法和普通方法的调用
oracle时间段查询-从00:00:00开始
java随机数的生成
Copyright © 2011-2022 走看看