/// <summary>
/// 过滤标记
/// </summary>
/// <param name="NoHTML">包括HTML,脚本,数据库关键字,特殊字符的源码 </param>
/// <returns>已经去除标记后的文字</returns>
public static string NoHTML(string Htmlstring)
{
if (Htmlstring == null)
{
return "";
}
else
{
//删除脚本
Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase);
//删除HTML
Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"([/r/n])[/s]+", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "/"", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "/xa1", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "/xa2", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "/xa3", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "/xa9", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&#(/d+);", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);
//删除与数据库相关的词
Htmlstring = Regex.Replace(Htmlstring, "select", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "insert", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "delete from", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "count''", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "drop table", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "truncate", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "asc", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "mid", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "char", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "exec master", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "net localgroup administrators", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "and", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "net user", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "or", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "net", "", RegexOptions.IgnoreCase);
//Htmlstring = Regex.Replace(Htmlstring,"*", "", RegexOptions.IgnoreCase);
//Htmlstring = Regex.Replace(Htmlstring,"-", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "delete", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "drop", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "script", "", RegexOptions.IgnoreCase);
//特殊的字符
Htmlstring = Htmlstring.Replace("<", "");
Htmlstring = Htmlstring.Replace(">", "");
Htmlstring = Htmlstring.Replace("*", "");
Htmlstring = Htmlstring.Replace("-", "");
Htmlstring = Htmlstring.Replace("?", "");
Htmlstring = Htmlstring.Replace(",", "");
Htmlstring = Htmlstring.Replace("/", "");
Htmlstring = Htmlstring.Replace(";", "");
Htmlstring = Htmlstring.Replace("*/", "");
Htmlstring = Htmlstring.Replace("/r/n", "");
Htmlstring = HttpContext.Current.Server.HtmlEncode(Htmlstring).Trim();
return Htmlstring;
}
}
分享到:
相关推荐
SQL防注入代码SQL防注入代码SQL防注入代码SQL防注入代码SQL防注入代码SQL防注入代码
强烈建议在数据库处调用,检测前台get或post以及cookies的请求,建议使用时放入Global.asax中的Application_Beginrequest方法中使用。 同是初学者,还望相互交流、帮助。
对于网站的安全性,是每个网站开发者和运营者最关心的问题。网站一旦出现漏洞,那势必将造成很大的损失。为了提高网站的安全性,首先网站要防注入,最重要的是服务器的安全... C#防SQL注入方法一 在Web.config文件中
从SQL注入原理说起 让您完全掌握SQL注入途径 再详细说明 SQL防注入方法
sql防注入通用程序源码,研究sql防注入从而攻击
sql防注入触发器
Asp.Net通用Sql防注入源码 Asp.Net程序员预防程序被sql注入攻击的必备知识.
防SQL注入脚本防SQL注入脚本防SQL注入脚本防SQL注入脚本防SQL注入脚本防SQL注入脚本防SQL注入脚本防SQL注入脚本防SQL注入脚本防SQL注入脚本防SQL注入脚本防SQL注入脚本防SQL注入脚本防SQL注入脚本防SQL注入脚本防SQL...
易语言SQL防注入源码,SQL防注入
SQL防注入.rar
(.NET)SQL Server 防注入代码 , cookie/get/post
易语言源码易语言SQL防注入源码.rar
防SQL注入组件
常用的sql防注入代码常用的sql防注入代码常用的sql防注入代码常用的sql防注入代码
SQL 防注入代码全集 包括ASP C# 多种防注入的方式!
SQL通用防注入系统 使用方法 1. 请用记事本打开Neeao_sql_admin.asp修改里面的管理密码! 2.修改文件Neeao_SqlIn.Asp和文件Neeao_sql_admin.asp中的数据库路径和数据库名称。 3.在所需要防护的页面加入代码 <!--#...
常用的asp.net的SQL防注入过滤函数大集合,实用性很高! 执行效率不错!
SQL防注入ASP版本SQL防注入ASP版本SQL防注入ASP版本SQL防注入ASP版本SQL防注入ASP版本SQL防注入ASP版本SQL防注入ASP版本SQL防注入ASP版本SQL防注入ASP版本SQL防注入ASP版本SQL防注入ASP版本SQL防注入ASP版本SQL防...
针对SQL注入隐蔽性极强的特点,《SQL注入攻击与防御》重点讲解了SQL注入的排查方法和可以借助的工具,总结了常见的利用SQL漏洞的方法。另外,《SQL注入攻击与防御》还专门从代码层和系统层的角度介绍了避免SQL注入的...
SQL注入以及防注入代码