zoukankan      html  css  js  c++  java

  • 过滤关键字防止XSS攻击

            public static string ClearXSS(string str)
        {
            string returnValue = str;
            if (string.IsNullOrEmpty(returnValue)) { return string.Empty; }

            ///过滤CSS Expression AND 过滤JavsScript
            returnValue = Regex.Replace(returnValue, @"<(style|script)[^<>]*?>.*?</(style|script)>", string.Empty, RegexOptions.IgnoreCase | RegexOptions.ExplicitCapture | RegexOptions.Singleline);        

            ///过滤JS 事件 如:onclick="alert('123');"
            returnValue = Regex.Replace(returnValue, @"(?<=<[^>]+?)(onclick|ondatabinding|ondblclick|ondisposed|oninit|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onprerender|onunload|onerror|onfocus)(?=.*?)", string.Empty, RegexOptions.IgnoreCase | RegexOptions.ExplicitCapture | RegexOptions.Singleline);

            //过滤iframe|frame
            returnValue = Regex.Replace(returnValue, @"<(iframe|frame)[^>]*>|</(iframe|frame)>", string.Empty, RegexOptions.IgnoreCase | RegexOptions.ExplicitCapture | RegexOptions.Singleline);   

            return returnValue;
        }
  • 相关阅读:
    译:DOM2中的高级事件处理(转)
    Cookbook of QUnit
    URI编码解码和base64
    css截断长文本显示
    内置对象,原生对象和宿主对象
    HTML中的meta(转载)
    iframe编程的一些问题
    自动补全搜索实现
    new的探究
    深入instanceof
  • 原文地址:https://www.cnblogs.com/mingjia/p/6044055.html
Copyright © 2011-2022 走看看