C# 过滤用户输入,防止恶意数据

发布日期:2018-02-08    浏览次数:479
/// 
    ///过滤用户输入,防止恶意数据
    /// 
    public class SecurityFilter
    {
        public SecurityFilter()
        {
        }

        /// 
        /// Method to make sure that user's inputs are not malicious
        /// 过滤所有html标签
        /// 
        /// User's Input
        /// Maximum length of input
        /// The cleaned up version of the input
        public static string InputText(string text)
        {
            text = text.Trim();
            if (text.Trim() == "")
                return string.Empty;
            text = Regex.Replace(text, "[\\s]{2,}", " ");	//two or more spaces
            text = Regex.Replace(text, "(<[b|B][r|R]/*>)+|(<[p|P](.|\\n)*?>)", "\n");	//
text = Regex.Replace(text, "(\\s*&[n|N][b|B][s|S][p|P];\\s*)+", " "); //  text = Regex.Replace(text, "<(.|\\n)*?>", string.Empty); //any other tags text = text.Replace("'", "''"); text = ProcessSqlStr(text); return text; } /// /// 过滤数组中的每个值 /// /// /// public static string[] FilterArray(params string[] str) { for (int i = 0; i < str.Length; i++) { str[i] = ProcessSqlStr(InputText(str[i])); } return str; } /// /// 过滤单个值 /// /// /// public static string FilterValue(string str) { return ProcessSqlStr(InputText(str)); } /// /// 过滤部分恶意标签 /// /// /// public static String UnSafeHTMLFilter(string html) { Regex regex1 = new Regex(@"", RegexOptions.IgnoreCase); Regex regex2 = new Regex(@" href *= *[\s\S]*script *:", RegexOptions.IgnoreCase); Regex regex3 = new Regex(@" on[\s\S]*=", RegexOptions.IgnoreCase); Regex regex4 = new Regex(@"", RegexOptions.IgnoreCase); Regex regex5 = new Regex(@"", RegexOptions.IgnoreCase); Regex regex6 = new Regex(@"", RegexOptions.IgnoreCase); Regex regex7 = new Regex(@"", RegexOptions.IgnoreCase); Regex regex8 = new Regex(@"", RegexOptions.IgnoreCase); Regex regex9 = new Regex(@"", RegexOptions.IgnoreCase); Regex regex10 = new Regex(@"", RegexOptions.IgnoreCase); html = regex1.Replace(html, ""); //过滤标记 html = regex2.Replace(html, ""); //过滤href=javascript: () 属性 html = regex3.Replace(html, " _disibledevent="); //过滤其它控件的on...事件 html = regex4.Replace(html, ""); //过滤iframe html = regex5.Replace(html, ""); //过滤frameset html = regex6.Replace(html, "");//过滤title html = regex7.Replace(html, "");//过滤head html = regex8.Replace(html, "");//过滤body html = regex9.Replace(html, "");//过滤style html = regex10.Replace(html, "");//过滤include html = ProcessSqlStr(html); return html; } /// /// 过滤sql注入 /// /// 传入用户提交数据 /// 返回是否含有SQL注入式攻击代码 public static string ProcessSqlStr(string Str) { string ReturnValue = ""; try { if (!string.IsNullOrEmpty(Str)) { string SqlStr = "or |and |exec |insert |select |delete |update |count | * |chr |mid |master |truncate |char |declare |create |drop |alter|'|--"; string[] anySqlStr = SqlStr.Split('|'); ReturnValue = Str; foreach (string ss in anySqlStr) { Str.Replace(ss, ""); } } } catch { ReturnValue = ""; } return ReturnValue; } }
0

上一篇: DES加密及验证

下一篇: MD5加密

本文网址:https://www.wyxxw.cn/blog-detail-2-6-89.html

返回列表

非特殊说明,本文版权归原作者所有,转载请注明出处

提示:本站所有资源仅供学习与参考,请勿用于商业用途。图片来自互联网~如侵犯您的权益,请联系QQ:1067507709.

提示:转载请注明来自:https://www.wyxxw.cn/blog-detail-2-6-89.html 。 本文发布者:momo