-- 作者:zhirui
-- 发布时间:2013-07-27 21:43:54
-- asp过滤非法字符
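<%
' strleach: returns str with a fixed set of punctuation characters deleted.
' Returns Empty when str is the empty string (the function exits before
' assigning a result).
'
' Security note: deleting characters is a deny-list measure. It does not
' replace parameterized queries (ADODB.Command parameters) for SQL, or
' Server.HTMLEncode at the point where a value is written into HTML.
Function strleach(str)
    Dim strg
    If str = "" Then Exit Function
    strg = Replace(str, Chr(34), "")    ' "
    strg = Replace(strg, Chr(39), "")   ' '
    strg = Replace(strg, Chr(60), "")   ' <
    strg = Replace(strg, Chr(62), "")   ' >
    strg = Replace(strg, Chr(37), "")   ' %
    strg = Replace(strg, Chr(38), "")   ' &
    strg = Replace(strg, Chr(40), "")   ' (
    strg = Replace(strg, Chr(41), "")   ' )
    strg = Replace(strg, Chr(59), "")   ' ;
    strg = Replace(strg, Chr(43), "")   ' +
    strg = Replace(strg, Chr(45), "")   ' -
    strg = Replace(strg, Chr(91), "")   ' [
    strg = Replace(strg, Chr(93), "")   ' ]
    strg = Replace(strg, Chr(123), "")  ' {
    strg = Replace(strg, Chr(125), "")  ' }
    strleach = strg
End Function

' DecodeFilter: lower-cases html, then applies the regex substitutions
' selected by filter and returns the result.
'
'   html   - markup to process. The whole string is lower-cased first, so
'            the text content loses its original case as well.
'   filter - comma-separated filter names: SCRIPT, TABLE, CLASS, STYLE, IMG,
'            XML, NAMESPACE, FONT, MARQUEE, OBJECT, EMBED, DIV, ONLOAD,
'            ONCLICK, ONDBCLICK. Names are matched case-insensitively and
'            surrounding blanks are ignored; unknown names do nothing.
'
' exeRE is not defined in this listing; from its use here it is presumably
' a RegExp replace helper called as exeRE(pattern, replacement, input).
' TODO confirm, including whether it sets Global and IgnoreCase.
'
' VBScript passes arguments ByRef by default, so the work is done on local
' copies and the caller's html and filter variables are left unchanged.
'
' Security note: this is a deny-list over HTML built from regular
' expressions, which is not a dependable XSS control. The SCRIPT case names
' only five event-handler prefixes, and the attribute patterns cover quoted
' values only. For untrusted input, encode on output with Server.HTMLEncode
' or use an allow-list HTML sanitizer; treat this function as formatting
' clean-up.
Public Function DecodeFilter(html, filter)
    Dim result, names, i
    result = LCase(html)
    names = Split(filter, ",")
    For Each i In names
        Select Case UCase(Trim(i))
            Case "SCRIPT"
                ' Remove client-side script: script URL schemes, <script>
                ' tags and some event-handler names.
                result = exeRE("(javascript|jscript|vbscript|vbs):", "#", result)
                result = exeRE("</?script[^>]*>", "", result)
                ' NOTE(review): this matches anywhere in the text, so ordinary
                ' words containing these letters (e.g. "monkey") are altered too.
                result = exeRE("on(mouse|exit|error|click|key)", "", result)
            Case "TABLE"
                ' Remove table markup: <table> <tr> <th> <td> <tbody>
                result = exeRE("</?table[^>]*>", "", result)
                result = exeRE("</?tr[^>]*>", "", result)
                result = exeRE("</?th[^>]*>", "", result)
                result = exeRE("</?td[^>]*>", "", result)
                result = exeRE("</?tbody[^>]*>", "", result)
            Case "CLASS"
                ' Remove class attributes
                result = exeRE("(<[^>]+) class=[^ |^>]*([^>]*>)", "$1 $2", result)
            Case "STYLE"
                ' Remove style attributes, double- and single-quoted
                result = exeRE("(<[^>]+) style=""[^""]*""([^>]*>)", "$1 $2", result)
                result = exeRE("(<[^>]+) style='[^']*'([^>]*>)", "$1 $2", result)
            Case "IMG"
                ' Remove <img> tags
                result = exeRE("</?img[^>]*>", "", result)
            Case "XML"
                ' The published comment says this removes <?xml>.
                ' NOTE(review): as written the pattern removes every tag.
                result = exeRE("<[^>]*>", "", result)
            Case "NAMESPACE"
                ' Remove namespaced tags such as <o:p></o:p>
                result = exeRE("<\/?[a-z]+:[^>]*>", "", result)
            Case "FONT"
                ' Remove <font>, <a>, <span> and <br> tags
                result = exeRE("</?font[^>]*>", "", result)
                result = exeRE("</?a[^>]*>", "", result)
                result = exeRE("</?span[^>]*>", "", result)
                result = exeRE("</?br[^>]*>", "", result)
            Case "MARQUEE"
                ' Remove <marquee> tags
                result = exeRE("</?marquee[^>]*>", "", result)
            Case "OBJECT"
                ' Remove <object> and <param> tags; <embed> has its own case
                result = exeRE("</?object[^>]*>", "", result)
                result = exeRE("</?param[^>]*>", "", result)
                'result = exeRE("</?embed[^>]*>", "", result)
            Case "EMBED"
                ' Remove <embed> tags
                result = exeRE("</?embed[^>]*>", "", result)
            Case "DIV"
                ' Remove <div> and <p> tags.
                ' NOTE(review): "$1" re-inserts the last character captured
                ' inside the tag, so a tag with attributes leaves one stray
                ' character behind; "" may have been intended.
                result = exeRE("</?div([^>])*>", "$1", result)
                result = exeRE("</?p([^>])*>", "$1", result)
            Case "ONLOAD"
                ' Remove onload attributes. The patterns for this case and
                ' the two below were truncated in the published listing and
                ' are reconstructed here on the model of the STYLE case.
                result = exeRE("(<[^>]+) onload=""[^""]*""([^>]*>)", "$1 $2", result)
                result = exeRE("(<[^>]+) onload='[^']*'([^>]*>)", "$1 $2", result)
            Case "ONCLICK"
                ' Remove onclick attributes (reconstructed pattern)
                result = exeRE("(<[^>]+) onclick=""[^""]*""([^>]*>)", "$1 $2", result)
                result = exeRE("(<[^>]+) onclick='[^']*'([^>]*>)", "$1 $2", result)
            Case "ONDBCLICK", "ONDBLCLICK"
                ' Remove ondblclick attributes (reconstructed pattern). The
                ' published filter name is "ONDBCLICK"; it is kept so that
                ' existing callers still work.
                result = exeRE("(<[^>]+) ondblclick=""[^""]*""([^>]*>)", "$1 $2", result)
                result = exeRE("(<[^>]+) ondblclick='[^']*'([^>]*>)", "$1 $2", result)
        End Select
    Next
    'result = Replace(result,"<table","<")
    'result = Replace(result,"<tr","<")
    'result = Replace(result,"<td","<")
    DecodeFilter = result
End Function
%>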