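<!doctype html>
<html lang="zh">
<head>
  <meta charset="utf-8">
  <title>XSS 过滤演示</title>
</head>
<body>
<!-- Demo trigger: calls test() from the inline script below.
     NOTE(review): the inline onclick keeps the demo self-contained; a page served
     under a strict CSP would bind the handler with addEventListener instead. -->
<button type="button" onclick="test();">测试</button>
<script>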
/**
 * Demo entry point bound to the page button: runs a sample HTML snippet
 * through filterHTML(), checks the result with checkIsXSS(), and shows the
 * before/after strings plus the verdict in an alert.
 */
function test(){
  var original = '<a href="ul_ol.htm">进入列表的设置页面</a>';
  var filtered = filterHTML(original);
  var flagged = checkIsXSS(filtered);
  // Same message layout as before: label, original, label, filtered, verdict.
  var message = ["v0 ", original, " v ", filtered, " result=>", flagged].join("");
  alert(message);
}
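/**
 * Strip HTML tag syntax from a string.
 *
 * Removes every complete tag (`<` … `>`, including tags that span line
 * breaks) and then any stray `<` or `>` left over, so the result contains
 * neither angle bracket. Non-string input is coerced with String();
 * null/undefined yield "".
 *
 * This is a stripping/blacklist approach for the demo only: it does not
 * decode entities (e.g. `&lt;`) and is not a substitute for context-aware
 * output encoding at the point where the value is rendered.
 *
 * @param {*} v  value to sanitize
 * @returns {string} the text with tag syntax removed
 */
function filterHTML(v){
  if (v == null) {
    return "";
  }
  var text = String(v);
  // Complete tags: `[^>]*` (unlike `.*?`) also matches across newlines inside a tag.
  text = text.replace(/<[^>]*>/g, "");
  // Whatever remains is an unmatched `<` or `>`; drop just that character,
  // not the text before it.
  return text.replace(/[<>]/g, "");
}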
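/**
 * Heuristic XSS check for the demo. Returns true when the value still looks
 * like it could carry markup or script, false otherwise.
 *
 * Flags a `<` or `>` character, or one of a small set of keywords
 * (document, onload, eval, script, img, svg, onerror, javascript, alert)
 * appearing as a whole word. Matching is case-insensitive because HTML tag
 * and attribute names are case-insensitive.
 *
 * The keyword list is a blacklist and only a rough indicator: a false result
 * does not prove the value is safe to render.
 *
 * @param {*} v  value to inspect (coerced with String())
 * @returns {boolean} true if a suspicious token was found
 */
function checkIsXSS(v) {
  var text = String(v);
  // Use a regex literal: inside a string passed to new RegExp, "\b" is a
  // backspace character rather than a word boundary, so the keyword pattern
  // could only match text containing literal backspaces.
  var keywordHit = /\b(document|onload|eval|script|img|svg|onerror|javascript|alert)\b/i.test(text);
  var bracketHit = /[<>]/.test(text);
  return keywordHit || bracketHit;
}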
</script>
<!-- end of the inline demo script and of the page -->
</html>