asp中实现清除html的函数 这个函数是必需要的,很多黑客来捣乱,黑掉数据库,会注入大量的病毒js,在存储和展示文本数据的时候,使用此函数过滤一下,可避免不少麻烦 clearhtml代码 '清除HTML代码 function clearhtml(content) content=replacehtml("[^>]*;","",content) content=replacehtml("?marquee[^>]*>","",content) content=replacehtml("?object[^>]*>","",content) content=replacehtml("?param[^>]*>","",content) content=replacehtml("?embed[^>]*>","",content) content=replacehtml("?table[^>]*>","",content) content=replacehtml(" ","",content) content=replacehtml("?tr[^>]*>","",content) content=replacehtml("?th[^>]*>","",content) content=replacehtml("?p[^>]*>","",content) content=replacehtml("?a[^>]*>","",content) content=replacehtml("?img[^>]*>","",content) content=replacehtml("?tbody[^>]*>","",content) content=replacehtml("?li[^>]*>","",content) content=replacehtml("?span[^>]*>","",content) content=replacehtml("?div[^>]*>","",content) content=replacehtml("?th[^>]*>","",content) content=replacehtml("?td[^>]*>","",content) content=replacehtml("?script[^>]*>","",content) content=replacehtml("(javascript|jscript|vbscript|vbs):","",content) content=replacehtml("on(mouse|exit|error|click|key)","",content) content=replacehtml("<\\?xml[^>]*>","",content) content=replacehtml("<\/?[a-z]+:[^>]*>","",content) content=replacehtml("?font[^>]*>","",content) content=replacehtml("?h[^>]*>","",content) content=replacehtml("?u[^>]*>","",content) content=replacehtml("?i[^>]*>","",content) content=replacehtml("?center[^>]*>","",content) content=replacehtml("?center[^>]*>","",content) content=replacehtml("?nobr[^>]*>","",content) content=replacehtml("?clk[^>]*>","",content) content=replacehtml("?muti[^>]*>","",content) content=replacehtml("?/option[^>]*>","",content) content=replacehtml("?o[^>]*>","",content) content=replacehtml("?strong[^>]*>","",content) clearhtml=content end function replacehtml代码 function replacehtml(patrn,strng,content) if isnull(content) then content="" end if set regex=new regexp regex.pattern=patrn regex.ignorecase=true regex.global=true replacehtml=regex.replace(content,strng) end function 使用方法: 复制代码 代码如下: <%=clearhtml("