zoukankan      html  css  js  c++  java

  • asp.net防SQL/JS注入攻击:过滤标记

    /// <summary>
    /// 过滤标记
    /// </summary>
    /// <param name="NoHTML">包括HTML,脚本,数据库关键字,特殊字符的源码 </param>
    /// <returns>已经去除标记后的文字</returns>
    public static string NoHTML(string Htmlstring)
    {
    if (Htmlstring == null)
    {
    return "";
    }
    else
    {
    //删除脚本
    Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase);
    //删除HTML
    Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"([/r/n])[/s]+", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase);

    Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "/"", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "/xa1", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "/xa2", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "/xa3", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "/xa9", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&#(/d+);", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);

    //删除与数据库相关的词
    Htmlstring = Regex.Replace(Htmlstring, "select", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, "insert", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, "delete from", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, "count''", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, "drop table", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, "truncate", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, "asc", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, "mid", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, "char", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, "exec master", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, "net localgroup administrators", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, "and", "", RegexOptions.IgnoreCase);

    return Htmlstring ;

          }

    }
  • 相关阅读:
    B-Tree和B+Tree的区别
    b树和hash树的应用场景
    比较顺序表和链表的优缺点,说说它们分别在什么场景下使用?
    5V与3.3V电平互转
    100M双绞线接头的标准接法
    解决openwrt中文界面异常
    刚刚开通了博客
    openwrt挂载摄像头及视频保存
    mwan3多wan叠加成功
    贝尔金(Belkin)7231-4P tftp救砖
  • 原文地址:https://www.cnblogs.com/wangluochong/p/3747545.html
Copyright © 2011-2022 走看看