ASP网站过滤xss注入功能
'ASP网站过滤xss注入功能
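Function Checkxss(byVal ChkStr)
    ' Encodes HTML metacharacters in ChkStr and breaks up a fixed list of
    ' SQL / script keywords by inserting a character reference into each.
    '   ChkStr : value to filter (passed by value; the caller's copy is untouched)
    '   Returns: the filtered string, or "" when ChkStr is Null.
    '
    ' The replacement strings in the listing as published had their HTML
    ' entities decoded, which turned most replacements into no-ops and left
    ' the double-quote line unterminated. They are written out as entities here.
    '
    ' NOTE(review): a keyword blacklist does not stop SQL injection. Use
    ' parameterised queries (ADODB.Command with Parameters) for database
    ' access and context-aware output encoding (e.g. Server.HTMLEncode) when
    ' rendering; treat this function as defence in depth only.
    Dim Str, re
    Str = ChkStr
    If IsNull(Str) Then Checkxss = "" : Exit Function

    ' "&" must be encoded first so the entities added below are not re-encoded.
    Str = Replace(Str, "&", "&amp;")
    ' The apostrophe is substituted with an acute accent, as in the listing.
    ' NOTE(review): "&#39;" would preserve the character - confirm intent.
    Str = Replace(Str, "'", "&#180;")
    Str = Replace(Str, """", "&quot;")
    Str = Replace(Str, "<", "&lt;")
    Str = Replace(Str, ">", "&gt;")
    Str = Replace(Str, "/", "&#47;")
    Str = Replace(Str, "*", "&#42;")

    Set re = New RegExp
    re.IgnoreCase = True : re.Global = True

    ' Each pattern keeps the first group as typed ($1) and rewrites the rest
    ' with one letter as a numeric character reference, so the text renders
    ' the same but no longer contains the literal keyword.
    re.Pattern = "(w)(here)"      : Str = re.Replace(Str, "$1h&#101;re")
    re.Pattern = "(s)(elect)"     : Str = re.Replace(Str, "$1el&#101;ct")
    re.Pattern = "(i)(nsert)"     : Str = re.Replace(Str, "$1ns&#101;rt")
    re.Pattern = "(c)(reate)"     : Str = re.Replace(Str, "$1r&#101;ate")
    re.Pattern = "(d)(rop)"       : Str = re.Replace(Str, "$1r&#111;p")
    re.Pattern = "(a)(lter)"      : Str = re.Replace(Str, "$1lt&#101;r")
    re.Pattern = "(d)(elete)"     : Str = re.Replace(Str, "$1el&#101;te")
    re.Pattern = "(u)(pdate)"     : Str = re.Replace(Str, "$1pd&#97;te")
    re.Pattern = "(\s)(or)"       : Str = re.Replace(Str, "$1o&#114;")
    re.Pattern = "(java)(script)" : Str = re.Replace(Str, "$1scr&#105;pt")
    re.Pattern = "(j)(script)"    : Str = re.Replace(Str, "$1scr&#105;pt")
    re.Pattern = "(vb)(script)"   : Str = re.Replace(Str, "$1scr&#105;pt")
    ' The listing matched "expression" case-sensitively, unlike every other
    ' keyword above; it now goes through the same case-insensitive RegExp.
    ' A soft hyphen (&#173;) is inserted after the first letter.
    re.Pattern = "(e)(xpression)" : Str = re.Replace(Str, "$1&#173;xpression")

    Set re = Nothing
    Checkxss = Str
End Function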
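Function Checkxss(byVal ChkStr)
    ' Encodes HTML metacharacters in ChkStr and breaks up a fixed list of
    ' SQL / script keywords by inserting a character reference into each.
    '   ChkStr : value to filter (passed by value; the caller's copy is untouched)
    '   Returns: the filtered string, or "" when ChkStr is Null.
    '
    ' NOTE(review): this page lists Checkxss twice with the same body; keep a
    ' single definition when copying it into a script.
    '
    ' The replacement strings in the listing as published had their HTML
    ' entities decoded, which turned most replacements into no-ops and left
    ' the double-quote line unterminated. They are written out as entities here.
    '
    ' NOTE(review): a keyword blacklist does not stop SQL injection. Use
    ' parameterised queries (ADODB.Command with Parameters) for database
    ' access and context-aware output encoding (e.g. Server.HTMLEncode) when
    ' rendering; treat this function as defence in depth only.
    Dim Str, re
    Str = ChkStr
    If IsNull(Str) Then Checkxss = "" : Exit Function

    ' "&" must be encoded first so the entities added below are not re-encoded.
    Str = Replace(Str, "&", "&amp;")
    ' The apostrophe is substituted with an acute accent, as in the listing.
    ' NOTE(review): "&#39;" would preserve the character - confirm intent.
    Str = Replace(Str, "'", "&#180;")
    Str = Replace(Str, """", "&quot;")
    Str = Replace(Str, "<", "&lt;")
    Str = Replace(Str, ">", "&gt;")
    Str = Replace(Str, "/", "&#47;")
    Str = Replace(Str, "*", "&#42;")

    Set re = New RegExp
    re.IgnoreCase = True : re.Global = True

    ' Each pattern keeps the first group as typed ($1) and rewrites the rest
    ' with one letter as a numeric character reference, so the text renders
    ' the same but no longer contains the literal keyword.
    re.Pattern = "(w)(here)"      : Str = re.Replace(Str, "$1h&#101;re")
    re.Pattern = "(s)(elect)"     : Str = re.Replace(Str, "$1el&#101;ct")
    re.Pattern = "(i)(nsert)"     : Str = re.Replace(Str, "$1ns&#101;rt")
    re.Pattern = "(c)(reate)"     : Str = re.Replace(Str, "$1r&#101;ate")
    re.Pattern = "(d)(rop)"       : Str = re.Replace(Str, "$1r&#111;p")
    re.Pattern = "(a)(lter)"      : Str = re.Replace(Str, "$1lt&#101;r")
    re.Pattern = "(d)(elete)"     : Str = re.Replace(Str, "$1el&#101;te")
    re.Pattern = "(u)(pdate)"     : Str = re.Replace(Str, "$1pd&#97;te")
    re.Pattern = "(\s)(or)"       : Str = re.Replace(Str, "$1o&#114;")
    re.Pattern = "(java)(script)" : Str = re.Replace(Str, "$1scr&#105;pt")
    re.Pattern = "(j)(script)"    : Str = re.Replace(Str, "$1scr&#105;pt")
    re.Pattern = "(vb)(script)"   : Str = re.Replace(Str, "$1scr&#105;pt")
    ' The listing matched "expression" case-sensitively, unlike every other
    ' keyword above; it now goes through the same case-insensitive RegExp.
    ' A soft hyphen (&#173;) is inserted after the first letter.
    re.Pattern = "(e)(xpression)" : Str = re.Replace(Str, "$1&#173;xpression")

    Set re = Nothing
    Checkxss = Str
End Function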