XSS过滤
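/// <summary>
/// Blacklist-style XSS filter: deletes a fixed set of script-related keywords and
/// HTML elements from a string.
/// </summary>
/// <remarks>
/// Treat this as defence in depth only. The rules cover three keywords and nine element
/// names; they do not look at attributes, <c>.</c> does not cross line breaks
/// (<see cref="RegexOptions.Singleline"/> is not set), and an element is matched only
/// when it has a closing tag or a self-closing slash. Untrusted text must still be
/// encoded for its output context when it is rendered; where HTML has to be accepted,
/// prefer a maintained allowlist-based sanitizer over extending this list.
/// </remarks>
public class XssCleaner
{
    // CultureInvariant keeps case-insensitive matching independent of the thread culture
    // (for example the Turkish dotted/dotless i), so the filter behaves the same everywhere.
    private const RegexOptions PatternOptions =
        RegexOptions.Compiled | RegexOptions.IgnoreCase | RegexOptions.CultureInvariant;

    // Key = cheap substring pre-check, Value = the pattern that is actually removed.
    private static readonly List<KeyValuePair<string, Regex>> injectWords = new List<KeyValuePair<string, Regex>>();

    /// <summary>
    /// Builds the rule list once, in the order the rules are applied.
    /// </summary>
    static XssCleaner()
    {
        // Keywords (case-insensitive).
        AddRule(@"alert", @"alert\(.*\)");
        AddRule(@"javascript", @"javascript");
        AddRule(@"document.", @"document\.");

        // Elements: one rule for the paired form and one for the self-closing form.
        // The patterns are greedy, so everything between the first opening tag and the
        // last closing tag on the same line is removed.
        // NOTE(review): these patterns can backtrack heavily on long single-line input;
        // consider a Regex match timeout if the target framework supports it.
        foreach (var tag in new[] { "script", "applet", "frameset", "iframe", "frame", "img", "link", "object", "style" })
        {
            AddRule(tag, @"<\s*" + tag + @".*>.*<\/\s*" + tag + @"\s*>");
            AddRule(tag, @"<\s*" + tag + @".*/\s*>");
        }
    }

    /// <summary>
    /// Appends one rule to the list.
    /// </summary>
    /// <param name="keyword">Substring that must be present before the pattern is run.</param>
    /// <param name="pattern">Regular expression whose matches are deleted.</param>
    private static void AddRule(string keyword, string pattern)
    {
        injectWords.Add(new KeyValuePair<string, Regex>(keyword, new Regex(pattern, PatternOptions)));
    }

    /// <summary>
    /// Removes every match of the configured rules from <paramref name="input"/>.
    /// </summary>
    /// <param name="input">Text to filter; null, empty and whitespace-only values are returned unchanged.</param>
    /// <returns>The filtered text.</returns>
    public static string Clean(string input)
    {
        if (string.IsNullOrWhiteSpace(input))
        {
            return input;
        }

        string current = input;
        int lengthBefore;

        // Deleting a match can join the text on either side of it into a new match, so the
        // rules are re-applied until a full pass removes nothing. Every changing pass
        // shortens the string, which guarantees termination.
        do
        {
            lengthBefore = current.Length;
            foreach (var rule in injectWords)
            {
                // Ordinal comparison matches what the culture-invariant regex will see.
                if (current.IndexOf(rule.Key, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    current = rule.Value.Replace(current, string.Empty);
                }
            }
        }
        while (current.Length != lengthBefore);

        return current;
    }
}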
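/// <summary>
/// XSS filter that strips blacklisted keywords and HTML elements from text.
/// </summary>
/// <remarks>
/// A keyword/element blacklist cannot enumerate every way markup can carry script, so
/// this class must not be the only control: encode untrusted values for the context in
/// which they are written out, and use an allowlist-based HTML sanitizer when markup
/// has to be kept. Known limits of the rules here: attributes are never examined,
/// matching stops at line breaks, and elements without a closing tag or self-closing
/// slash are not matched.
/// </remarks>
public class XssCleaner
{
    // Element names that get a "paired" rule and a "self-closing" rule, in application order.
    private static readonly string[] BlockedElements =
    {
        "script", "applet", "frameset", "iframe", "frame", "img", "link", "object", "style"
    };

    // Each entry pairs a plain keyword (fast pre-check) with the regex that is removed.
    private static readonly List<KeyValuePair<string, Regex>> injectWords = new List<KeyValuePair<string, Regex>>();

    /// <summary>
    /// Static constructor: compiles all rules once.
    /// </summary>
    static XssCleaner()
    {
        // Keywords (case-insensitive).
        Register("alert", @"alert\(.*\)");
        Register("javascript", @"javascript");
        Register("document.", @"document\.");

        // Elements (case-insensitive). Greedy ".*" means one match can span from the first
        // opening tag to the last closing tag on a line, taking the text in between with it.
        for (int i = 0; i < BlockedElements.Length; i++)
        {
            string name = BlockedElements[i];
            Register(name, @"<\s*" + name + @".*>.*<\/\s*" + name + @"\s*>");
            Register(name, @"<\s*" + name + @".*/\s*>");
        }
    }

    /// <summary>
    /// Compiles <paramref name="pattern"/> and stores it under <paramref name="keyword"/>.
    /// </summary>
    private static void Register(string keyword, string pattern)
    {
        // CultureInvariant: case folding must not depend on the current thread culture,
        // otherwise the same input can be filtered on one server and not on another.
        var options = RegexOptions.Compiled | RegexOptions.IgnoreCase | RegexOptions.CultureInvariant;
        injectWords.Add(new KeyValuePair<string, Regex>(keyword, new Regex(pattern, options)));
    }

    /// <summary>
    /// Applies every rule once, in order, and returns the result.
    /// </summary>
    private static string ApplyRulesOnce(string text)
    {
        foreach (KeyValuePair<string, Regex> entry in injectWords)
        {
            // Skip the regex when the keyword is absent; ordinal comparison is
            // culture-independent, like the regex options above.
            if (text.IndexOf(entry.Key, StringComparison.OrdinalIgnoreCase) < 0)
            {
                continue;
            }

            text = entry.Value.Replace(text, string.Empty);
        }

        return text;
    }

    /// <summary>
    /// Filters the input.
    /// </summary>
    /// <param name="input">Input text; null, empty or whitespace-only input is returned as is.</param>
    /// <returns>The input with all rule matches removed.</returns>
    public static string Clean(string input)
    {
        if (string.IsNullOrWhiteSpace(input))
        {
            return input;
        }

        // A single pass is not enough: once a match is cut out, the remaining pieces can
        // line up into another match. Repeat until the text stops shrinking; rules only
        // delete characters, so the loop always ends.
        string result = input;
        while (true)
        {
            string next = ApplyRulesOnce(result);
            if (next.Length == result.Length)
            {
                return next;
            }

            result = next;
        }
    }
}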