  • 过滤关键字防止XSS攻击 (keyword filtering to mitigate XSS — note that this is a deny-list filter; context-aware output encoding or a real HTML sanitizer remains the primary defence)

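            // Paired <script>/<style> elements, removed together with their body.
            private static readonly Regex s_scriptStyleElement = new Regex(
                @"<(style|script)[^<>]*?>.*?</(style|script)>",
                RegexOptions.IgnoreCase | RegexOptions.ExplicitCapture | RegexOptions.Singleline);

            // Any <script>/<style> open or close tag left over (e.g. an unclosed <script src=...>).
            private static readonly Regex s_scriptStyleTag = new Regex(
                @"</?(style|script)[^>]*>",
                RegexOptions.IgnoreCase | RegexOptions.ExplicitCapture | RegexOptions.Singleline);

            // Any on*= event-handler attribute inside a tag, with its (quoted or bare) value.
            // Matching every on* name rather than a fixed list covers handlers such as
            // onmouseenter/oninput/onanimationstart that a hand-maintained list omits.
            private static readonly Regex s_eventHandlerAttribute = new Regex(
                @"(?<=<[^>]*?)\s*\bon[a-z]+\s*=\s*(""[^""]*""|'[^']*'|[^\s>]*)",
                RegexOptions.IgnoreCase | RegexOptions.ExplicitCapture | RegexOptions.Singleline);

            // <iframe>/<frame> open and close tags (the body, if any, is left as plain text).
            private static readonly Regex s_frameTag = new Regex(
                @"<(iframe|frame)[^>]*>|</(iframe|frame)>",
                RegexOptions.IgnoreCase | RegexOptions.ExplicitCapture | RegexOptions.Singleline);

            /// <summary>
            /// Strips a fixed set of script-bearing HTML constructs from <paramref name="str"/>:
            /// &lt;script&gt;/&lt;style&gt; elements (paired, with their body, or stray tags),
            /// <c>on*=</c> event-handler attributes, and &lt;iframe&gt;/&lt;frame&gt; tags.
            /// </summary>
            /// <remarks>
            /// This is a deny-list filter and must not be the only defence against XSS. It does not
            /// neutralise <c>javascript:</c>/<c>data:</c> URLs in href/src/action, inline
            /// <c>style=</c> attributes, &lt;object&gt;/&lt;embed&gt;/&lt;svg&gt;/&lt;meta&gt;
            /// elements, or entity-/encoding-based obfuscation of the patterns above. Prefer
            /// context-aware output encoding (e.g. <c>HttpUtility.HtmlEncode</c>) when the value is
            /// rendered as text, or a real HTML sanitizer when markup must be preserved.
            /// The patterns are applied repeatedly until the text stops changing, so a removal
            /// cannot leave behind a fragment that itself assembles into one of the filtered
            /// constructs (a single pass would).
            /// </remarks>
            /// <param name="str">Untrusted HTML or text; may be null.</param>
            /// <returns>The filtered text, or <see cref="string.Empty"/> for null or empty input.</returns>
            public static string ClearXSS(string str)
            {
                if (string.IsNullOrEmpty(str)) { return string.Empty; }

                string result = str;
                string previous;
                do
                {
                    previous = result;
                    result = s_scriptStyleElement.Replace(result, string.Empty);
                    result = s_scriptStyleTag.Replace(result, string.Empty);
                    result = s_eventHandlerAttribute.Replace(result, string.Empty);
                    result = s_frameTag.Replace(result, string.Empty);
                }
                // Every replacement deletes at least one character, so the loop always terminates.
                while (result != previous);

                return result;
            }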
  • 原文地址:https://www.cnblogs.com/mingjia/p/6044055.html