  • 过滤关键字防止XSS攻击

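            /// <summary>
            /// Best-effort blacklist filter for an HTML fragment. Removes whole style/script elements,
            /// a fixed list of event-handler attribute names, and iframe/frame tags.
            /// </summary>
            /// <remarks>
            /// Treat this as defence in depth, not as the primary XSS control:
            /// the method does not HTML-encode anything, the event-handler list is fixed (names not listed
            /// pass through), and only the handler name is deleted while its value stays in the markup.
            /// Markup that does not have one of the shapes matched below is returned unchanged.
            /// Untrusted text should still be HTML-encoded when it is written to the page
            /// (for example with System.Net.WebUtility.HtmlEncode); where rich HTML must be accepted,
            /// an allow-list sanitizer is the safer choice.
            /// </remarks>
            /// <param name="str">Text to filter; may be null or empty.</param>
            /// <returns>The filtered text, or <see cref="string.Empty"/> when <paramref name="str"/> is null or empty.</returns>
            public static string ClearXSS(string str)
            {
                if (string.IsNullOrEmpty(str)) { return string.Empty; }

                const RegexOptions options = RegexOptions.IgnoreCase | RegexOptions.ExplicitCapture | RegexOptions.Singleline;

                string current = str;
                string previous;

                // Deleting a fragment can join the text on either side of it into a new forbidden tag,
                // so a single pass is not enough. Repeat until a pass removes nothing. Every replacement
                // only deletes characters, so the length strictly shrinks and the loop terminates.
                do
                {
                    previous = current;

                    // Remove style and script elements together with their content.
                    current = Regex.Replace(current, @"<(style|script)[^<>]*?>.*?</(style|script)>", string.Empty, options);

                    // Remove the listed event-handler names when they occur inside a tag, e.g. onclick="...".
                    // Only the name is removed; the "=value" part is left behind.
                    current = Regex.Replace(current, @"(?<=<[^>]+?)(onclick|ondatabinding|ondblclick|ondisposed|oninit|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onprerender|onunload|onerror|onfocus)", string.Empty, options);

                    // Remove iframe/frame opening and closing tags (content between them is kept).
                    current = Regex.Replace(current, @"<(iframe|frame)[^>]*>|</(iframe|frame)>", string.Empty, options);
                }
                while (current.Length < previous.Length);

                return current;
            }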
  • 原文地址:https://www.cnblogs.com/mingjia/p/6044055.html