62,046
社区成员
发帖
与我相关
我的任务
分享请发表友善的回复…
发表回复
oumeiren 2009-02-23
- 打赏
- 举报
我这里有个方法,基本上都能过滤掉
public static string DelHtmlCode(string html)
{
html = GetString2(html); //先过滤脏话
System.Text.RegularExpressions.Regex regex1 = new System.Text.RegularExpressions.Regex(@"<script[\s\S]+</script *>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
System.Text.RegularExpressions.Regex regex2 = new System.Text.RegularExpressions.Regex(@" href *= *[\s\S]*script *:", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
System.Text.RegularExpressions.Regex regex3 = new System.Text.RegularExpressions.Regex(@" on[\s\S]*=", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
System.Text.RegularExpressions.Regex regex4 = new System.Text.RegularExpressions.Regex(@"<iframe[\s\S]+</iframe *>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
System.Text.RegularExpressions.Regex regex5 = new System.Text.RegularExpressions.Regex(@"<frameset[\s\S]+</frameset *>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
//System.Text.RegularExpressions.Regex regex6 = new System.Text.RegularExpressions.Regex(@"\<img[^\>]+\>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
//System.Text.RegularExpressions.Regex regex7 = new System.Text.RegularExpressions.Regex(@"</p>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
//System.Text.RegularExpressions.Regex regex8 = new System.Text.RegularExpressions.Regex(@"<p>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
html = regex1.Replace(html, ""); //过滤<script></script>标记
html = regex2.Replace(html, ""); //过滤href=javascript: (<A>) 属性
html = regex3.Replace(html, " _disibledevent="); //过滤其它控件的on...事件
html = regex4.Replace(html, ""); //过滤iframe
html = regex5.Replace(html, ""); //过滤frameset
//html = regex6.Replace(html, ""); //过滤frameset
//html = regex7.Replace(html, ""); //过滤frameset
//html = regex8.Replace(html, ""); //过滤frameset
//html = html.Replace(" ", "");
html = html.Replace("</strong>", "");
html = html.Replace("<strong>", "");
//给图片添加上控制尺寸的方法
string strReg = @"\<img[^\>]+\>";
System.Text.RegularExpressions.MatchCollection matches = System.Text.RegularExpressions.Regex.Matches(html, strReg, System.Text.RegularExpressions.RegexOptions.IgnoreCase);
for (int i = 0; i < matches.Count; i++)
{
string a = matches[i].ToString(); //原来的图片
if (a.IndexOf("/>") < 0)
{
a = a.Replace(">", "/>");
}
string aa = a.Substring(0, a.Length - 2) + " onload='javascript:DrawImage(this);' >";
html = html.Replace(a, aa);
}
return html;
}
wangxiaofeiwuqiao 2009-02-23
- 打赏
- 举报
//查找
protected void Button1_Click(object sender, EventArgs e)
{
string str = TextBox1.Text.Trim();
if (ChkBadWord(str))
{
Response.Write("<script>alert('存在非法字符')</script>");
}
else
{
Response.Write("<script>alert('不存在非法字符')</script>");
}
}
//过滤字符方法
public bool ChkBadWord(string badword)
{
string[] bw = strbadword();
bool isok = false;
foreach (string str in bw)
{
if (!(badword.IndexOf(str) > -1))
{
isok = true;
return isok;
}
}
return isok;
}
//非法字符系列
private string[] strbadword()
{
string[] bad = new string[11];
bad[0] = "'";
bad[1] = "\"";
bad[2] = ";";
bad[3] = "--";
bad[4] = ",";
bad[5] = "!";
bad[6] = "~";
bad[7] = "@";
bad[8] = "#";
bad[9] = "$";
bad[10] = "%";
return bad;
}
protected void Button1_Click(object sender, EventArgs e)
{
string str = TextBox1.Text.Trim();
if (ChkBadWord(str))
{
Response.Write("<script>alert('存在非法字符')</script>");
}
else
{
Response.Write("<script>alert('不存在非法字符')</script>");
}
}
//过滤字符方法
public bool ChkBadWord(string badword)
{
string[] bw = strbadword();
bool isok = false;
foreach (string str in bw)
{
if (!(badword.IndexOf(str) > -1))
{
isok = true;
return isok;
}
}
return isok;
}
//非法字符系列
private string[] strbadword()
{
string[] bad = new string[11];
bad[0] = "'";
bad[1] = "\"";
bad[2] = ";";
bad[3] = "--";
bad[4] = ",";
bad[5] = "!";
bad[6] = "~";
bad[7] = "@";
bad[8] = "#";
bad[9] = "$";
bad[10] = "%";
return bad;
}
hjw01592 2009-02-23
- 打赏
- 举报
/// <summary>
/// 过滤文本中的非法字符串
/// </summary>
/// <param name="str">要输入的文本</param>
/// <returns></returns>
public static string HtmlEncode(string str)
{
str = str.Replace("&", "&");
str = str.Replace("<", "<");
str = str.Replace(">", ">");
str = str.Replace("'", "''");
str = str.Replace("*", "");
str = str.Replace("\n", "<br/>");
str = str.Replace("\r\n", "<br/>");
str = str.Replace("select", "");
str = str.Replace("insert", "");
str = str.Replace("update", "");
str = str.Replace("delete", "");
str = str.Replace("create", "");
str = str.Replace("drop", "");
str = str.Replace("delcare", "");
if (str.Trim().ToString() == "") { str = "无"; }
return str.Trim();
}
/// 过滤文本中的非法字符串
/// </summary>
/// <param name="str">要输入的文本</param>
/// <returns></returns>
public static string HtmlEncode(string str)
{
str = str.Replace("&", "&");
str = str.Replace("<", "<");
str = str.Replace(">", ">");
str = str.Replace("'", "''");
str = str.Replace("*", "");
str = str.Replace("\n", "<br/>");
str = str.Replace("\r\n", "<br/>");
str = str.Replace("select", "");
str = str.Replace("insert", "");
str = str.Replace("update", "");
str = str.Replace("delete", "");
str = str.Replace("create", "");
str = str.Replace("drop", "");
str = str.Replace("delcare", "");
if (str.Trim().ToString() == "") { str = "无"; }
return str.Trim();
}
xutao888 2009-02-23
- 打赏
- 举报
用参数方式调用SQL
yzone 2009-02-23
- 打赏
- 举报
我想在输入的一个文本框过后,点提交按纽进行验证,在输入的框中要过滤掉HTML标签和乱码以及危险字符等东西!
wuyq11 2009-02-23
- 打赏
- 举报
http://www.cnblogs.com/wangying110166/archive/2007/05/28/762764.aspx
http://www.cnblogs.com/coolylh/archive/2006/03/21/355041.html
http://www.cnblogs.com/coolylh/archive/2006/03/21/355041.html
sykey 2009-02-23
- 打赏
- 举报
string charstr = "',;,*,%,and,exec,insert,select,count,chr,mid,master,truncate,char,declare";
string[] strarr = charstr.Split(',');
foreach (string i in strarr)
{
if (str.IndexOf(i) > -1)
{
return false;
}
}
string[] strarr = charstr.Split(',');
foreach (string i in strarr)
{
if (str.IndexOf(i) > -1)
{
return false;
}
}
fxcjy 2009-02-23
- 打赏
- 举报
楼主真懒,什么也没说
BossFriday 2009-02-23
- 打赏
- 举报
过滤什么的危险字符sql还是UI里js的或者其他.
