【下载文档: asp中实现清除html的函数.txt 】
asp中实现清除html的函数
这个函数是必需要的,很多黑客来捣乱,黑掉数据库,会注入大量的病毒js,在存储和展示文本数据的时候,使用此函数过滤一下,可避免不少麻烦
clearhtml代码
'清除HTML代码
function clearhtml(content)
content=replacehtml("[^>]*;","",content)
content=replacehtml("?marquee[^>]*>","",content)
content=replacehtml("?object[^>]*>","",content)
content=replacehtml("?param[^>]*>","",content)
content=replacehtml("?embed[^>]*>","",content)
content=replacehtml("?table[^>]*>","",content)
content=replacehtml(" ","",content)
content=replacehtml("?tr[^>]*>","",content)
content=replacehtml("?th[^>]*>","",content)
content=replacehtml("?p[^>]*>","",content)
content=replacehtml("?a[^>]*>","",content)
content=replacehtml("?img[^>]*>","",content)
content=replacehtml("?tbody[^>]*>","",content)
content=replacehtml("?li[^>]*>","",content)
content=replacehtml("?span[^>]*>","",content)
content=replacehtml("?div[^>]*>","",content)
content=replacehtml("?th[^>]*>","",content)
content=replacehtml("?td[^>]*>","",content)
content=replacehtml("?script[^>]*>","",content)
content=replacehtml("(javascript|jscript|vbscript|vbs):","",content)
content=replacehtml("on(mouse|exit|error|click|key)","",content)
content=replacehtml("<\\?xml[^>]*>","",content)
content=replacehtml("<\/?[a-z]+:[^>]*>","",content)
content=replacehtml("?font[^>]*>","",content)
content=replacehtml("?h[^>]*>","",content)
content=replacehtml("?u[^>]*>","",content)
content=replacehtml("?i[^>]*>","",content)
content=replacehtml("?center[^>]*>","",content)
content=replacehtml("?center[^>]*>","",content)
content=replacehtml("?nobr[^>]*>","",content)
content=replacehtml("?clk[^>]*>","",content)
content=replacehtml("?muti[^>]*>","",content)
content=replacehtml("?/option[^>]*>","",content)
content=replacehtml("?o[^>]*>","",content)
content=replacehtml("?strong[^>]*>","",content)
clearhtml=content
end function
replacehtml代码
function replacehtml(patrn,strng,content)
if isnull(content) then
content=""
end if
set regex=new regexp
regex.pattern=patrn
regex.ignorecase=true
regex.global=true
replacehtml=regex.replace(content,strng)
end function
使用方法:
复制代码 代码如下:
<%=clearhtml("
分享代码提示(2)
- 添加完代码必须点击“完成并查看”生效
- 准确的编程语言,可正确对代码语法着色
- 输入简单几个字的代码片段说明
- 上传源码文件时无需再输入说明
- 非程序相关文件将直接删除,严重封帐号
- 图片仅用来上传截图之类的文件,勿作他途
")%>
以上就是本文所述的全部内容了,希望大家能够喜欢。