【转】C# 过滤HTML，脚本，数据库关键字，特殊字符

    /// <summary>/// 过滤标记/// </summary>/// <param name="NoHTML">包括HTML，脚本，数据库关键字，特殊字符的源码 </param>/// <returns>已经去除标记后的文字</returns>    public static string NoHTML(string Htmlstring)    {if (Htmlstring == null)        {return "";        }else        {//删除脚本            Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase);//删除HTML            Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, @"([\r\n])[\s]+", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "\"", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "\xa1", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "\xa2", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "\xa3", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "\xa9", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, @"&#(\d+);", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);

//删除与数据库相关的词            Htmlstring = Regex.Replace(Htmlstring, "select", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "insert", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "delete from", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "count''", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "drop table", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "truncate", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "asc", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "mid", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "char", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "exec master", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "net localgroup administrators", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "and", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "net user", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "or", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "net", "", RegexOptions.IgnoreCase);//Htmlstring = Regex.Replace(Htmlstring,"*", "", RegexOptions.IgnoreCase);//Htmlstring = Regex.Replace(Htmlstring,"-", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "delete", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "drop", "", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, "script", "", RegexOptions.IgnoreCase);

//特殊的字符            Htmlstring = Htmlstring.Replace("<", "");            Htmlstring = Htmlstring.Replace(">", "");            Htmlstring = Htmlstring.Replace("*", "");            Htmlstring = Htmlstring.Replace("-", "");            Htmlstring = Htmlstring.Replace("?", "");            Htmlstring = Htmlstring.Replace(",", "");            Htmlstring = Htmlstring.Replace("/", "");            Htmlstring = Htmlstring.Replace(";", "");            Htmlstring = Htmlstring.Replace("*/", "");            Htmlstring = Htmlstring.Replace("\r\n", "");            Htmlstring = HttpContext.Current.Server.HtmlEncode(Htmlstring).Trim();

return Htmlstring;        }

    }

转自：http://hi.baidu.com/squirrel_/blog/item/7c4c083b9b8384e714cecb7f.html

转载于:https://www.cnblogs.com/dupeng0811/archive/2012/03/07/2383743.html

【转】C# 过滤HTML，脚本，数据库关键字，特殊字符相关推荐

php gt lte gte,springdata jpa封装数据库关键字（EQ, LIKE, GT, LT, GTE, LTE,IN）
数据库关键字申明,类SearchFilter: /*************************************************************************** ...
PHP 一个可以过滤非法脚本的函数
这里提供一个过滤非法脚本的函数: function RemoveXSS($val) { // remove all non-printable characters. CR(0a) and L ...
数据表列名与数据库关键字冲突，在Hibernate下的解决办法
设计了一个数据库,某一个列名字是key,这与mysql数据库关键字冲突了,Hibernate下save总是报错. 在mysql命令中,解决办法很简单,只需要将关键字key用引号括起来就好了. 在Hib ...
java 过滤xss脚本_Java Web应用程序的反跨站点脚本（XSS）过滤器
java 过滤xss脚本这是为Java Web应用程序编写的一个好简单的反跨站点脚本(XSS)过滤器. 它的基本作用是从请求参数中删除所有可疑字符串,然后将其返回给应用程序. 这是我以前关于该主题的 ...
java 过滤脚本_【快学SpringBoot】过滤XSS脚本攻击(包括json格式)
XSS攻击是什么 XSS攻击全称跨站脚本攻击,是为不和层叠样式表(Cascading Style Sheets, CSS)的缩写混淆,故将跨站脚本攻击缩写为XSS,XSS是一种在web应用中的计算机安 ...
ORACLE数据库查询锁表语句sql脚本,以及删除锁信息脚本(数据库开发ETL、DBA必备)
ORACLE数据库查询锁表语句sql脚本,以及删除锁信息脚本(数据库开发ETL.DBA必备) 文章目录 ORACLE数据库查询锁表语句sql脚本,以及删除锁信息脚本(数据库开发ETL.DBA必备) 前 ...
数据库关键字(保留字)
达梦数据库 1 KEYWORD LENGTH 2 ABORT 5 3 ABSOLUTE 8 4 ABSTRACT 8 5 ACCESSED 8 6 ACCOUNT 7 7 ACROSS 6 8 ACT ...
springdata jpa封装数据库关键字（EQ, LIKE, GT, LT, GTE, LTE,IN）
数据库关键字申明,类SearchFilter: /*************************************************************************** ...
mybatis自动识别数据库关键字
用MyBatis Generator生成mapper文件时,当数据库表中有类似name,describe等,这些关键字时,会提示sql语句有误的错误,解决方法: 在generatorConfig.xm ...
Mysql一些表结构字段是数据库关键字需要避开，如果发现了就需要解决
数据库关键字链接需要避开,如果发现了就需要解决 https://dev.mysql.com/doc/refman/5.7/en/keywords.html 2.解决办法: 在字段前面` 主要解决Sri ...

【转】C# 过滤HTML，脚本，数据库关键字，特殊字符

【转】C# 过滤HTML，脚本，数据库关键字，特殊字符相关推荐

最新文章

热门文章