
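目的：過濾 script 標籤以及框架（iframe），防 XSS。
注意：這是黑名單式的標籤移除，只處理 script 與 iframe 兩種標籤，無法涵蓋事件屬性（例如 onerror）或 javascript: 連結等其他途徑；輸出到頁面時仍應做 HTML 編碼。
程式碼如下：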

PS (可以把NOHTML 也加進來,一次擋光光   XD  )

 

    /// <summary>
    /// 過濾script 過濾框架
    /// </summary>
    /// <param name="content"></param>
    /// <returns></returns>
    protected string bp_FilterData(string content)
    {
        if (content == null || content == "")
        {
            return content;
        }
        content = FilterScript(content);  //過濾script
        content = FilterIFrame(content);  //過濾框架

        content = content.Replace("<script>", "").Replace("</script>", "");

        return content;
    }

 


    /// <summary>
    /// 過濾script
    /// </summary>
    /// <param name="content"></param>
    /// <returns></returns>
    protected  string FilterScript(string content)
    {
        if (content == null || content == "")
        {
            return content;
        }

        string regexstr = @"(?i)<script([^>])*>(\w|\W)*</script([^>])*>";//@"<script.*</script>";
        content = Regex.Replace(content, regexstr, string.Empty, RegexOptions.IgnoreCase);
        content = Regex.Replace(content, "<script([^>])*>", string.Empty, RegexOptions.IgnoreCase);
        return Regex.Replace(content, "</script>", string.Empty, RegexOptions.IgnoreCase);
    }

    /// <summary>
    /// 過濾框架
    /// </summary>
    /// <param name="content"></param>
    /// <returns></returns>
    protected  string FilterIFrame(string content)
    {
        if (content == null || content == "")
        {
            return content;
        }
        string regexstr = @"(?i)<iframe([^>])*>(\w|\W)*</iframe([^>])*>";//@"<script.*</script>";
        content = Regex.Replace(content, regexstr, string.Empty, RegexOptions.IgnoreCase);
        content = Regex.Replace(content, "<iframe([^>])*>", string.Empty, RegexOptions.IgnoreCase);
        return Regex.Replace(content, "</iframe>", string.Empty, RegexOptions.IgnoreCase);
    }
