ASP.NET Web 安全防护技巧-优快云博客

本文链接：https://blog.youkuaiyun.com/sknice/article/details/2078720

本文介绍了一个用于 ASP.NET Web 应用的安全防护类 StrHelp，该类提供了多种方法来过滤潜在危险的输入，如 Form 和 QueryString 参数，并且能够截取指定长度的字符串及去除 HTML 代码。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Text;
using System.Web.UI.HtmlControls;

/// <summary>
/// StrHelp 的摘要说明
/// </summary>
public class StrHelp
{
    public StrHelp()
    {
        //
        // TODO: 在此处添加构造函数逻辑
        //
    }

    #region 过滤Form参数
    public static string FilterFrom(string param)
    {
        return FilterCode(HttpContext.Current.Request.Form[param].ToString());
    }
    #endregion

    #region 过滤Form参数并转换成整形
    public static Int32 FilterFromToInt(string param)
    {
        return Convert.ToInt32(FilterCode(HttpContext.Current.Request.Form[param].ToString()));
    }
    #endregion

    #region 过滤QueryString参数
    public static string FilterQuery(string param)
    {
        return FilterCode(HttpContext.Current.Request.QueryString[param].ToString());
    }
    #endregion

    #region 过滤QueryString参数并转换成整形
    public static Int32 FilterQueryToInt(string param)
    {
        return Convert.ToInt32(FilterCode(HttpContext.Current.Request.QueryString[param].ToString()));
    }
    #endregion

    #region 过滤字符串

    public static string FilterStr(string param)
    {
        return FilterCode(param);
    }
    #endregion

    #region 过滤字符串并转换成整形

    public static Int32 FilterStrToInt(string param)
    {
        return Convert.ToInt32(FilterCode(param));
    }
    #endregion

    #region 过滤TextBox控件的值

    public static string FilterTextBox(TextBox txt)
    {
        return FilterCode(txt.Text);
    }
    #endregion

    #region 过滤列表控件的值

    public static string FilterListControl(ListControl list)
    {
        return FilterCode(list.SelectedValue);
    }
    #endregion

    #region 截取字符串中指定的个数的字符
    public static bool IsTwoBytesChar(char chr)
    {
        string str=chr.ToString();
        Encoding ecode=Encoding.Default;
        if(ecode.GetByteCount(str)==2)
        {
            return true;
        }
        else
        {
            return false;
        }
    }
    public static int StringRealLength(string str)
    {
        int len=0;
        char[] chr=str.ToCharArray();

        for(int i=0; i<chr.Length; i++)
        {
            if(IsTwoBytesChar(chr[i]))
                len+=2;
            else
                len++;
        }

        return len;
    }
    public static string CutString(string str, int maxLen)
    {
        if(StringRealLength(str)<=maxLen*2)
        {
            return str;
        }
        else
        {
            int pos=0;

            for(int i=0; i<str.Length; i++)
            {
                if(StringRealLength(str.Substring(0, i+1))>(maxLen-1)*2)
                {
                    pos=i;
                    break;
                }
            }
            return str.Substring(0, pos)+"..";
        }
    }

    #endregion

    public static string FilterCode(string TString)
    {
        if(TString!=null)
        {
            TString=TString.Replace("'", """);
            TString=TString.Replace("--", " ");
            TString=TString.Replace(";", " ");
        }
        return TString;
    }

    #region 过滤掉 html代码
    public static string StripHTML(string strHtml)
    {
        string[] aryReg={
                    @"<script[^>]*?>.*?</script>",

                    @"<(/s*)?!?((w+:)?w+)(w+(s*=?s*(([""'])(/[""'tbnr]|[^])*?|w+)|.{0})|s)*?(/s*)?>",
                    @"([ ])[s]+",
                    @"&(quot|#34);",
                    @"&(amp|#38);",
                    @"&(lt|#60);",
                    @"&(gt|#62);",
                    @"&(nbsp|#160);",
                    @"&(iexcl|#161);",
                    @"&(cent|#162);",
                    @"&(pound|#163);",
                    @"&(copy|#169);",
                    @"&#(d+);",
                    @"-->",
                    @"<!--.* "
                    };

                            string[] aryRep= {
                    "",
                    "",
                    "",
                    """,
                    "&",
                    "<",
                    ">",
                    " ",
                    "¡",//chr(161),
                    "¢",//chr(162),
                    "£",//chr(163),
                    "©",//chr(169),
                    "",
                    " ",
                    ""
        };

        string newReg=aryReg[0];
        string strOutput=strHtml;
        for(int i=0; i<aryReg.Length; i++)
        {
            System.Text.RegularExpressions.Regex regex=new System.Text.RegularExpressions.Regex(aryReg[i], System.Text.RegularExpressions.RegexOptions.IgnoreCase);
            strOutput=regex.Replace(strOutput, aryRep[i]);
        }
        strOutput.Replace("<", "");
        strOutput.Replace(">", "");
        strOutput.Replace(" ", "");
        return strOutput;
    }
    #endregion

    #region 返回指定URL中结尾的文件名
    /// <summary>
    /// 返回指定URL中结尾的文件名
    /// </summary>
    public static string GetLastFilename(string url)
    {
        if(url==null|| url=="")
        {
           return  "";
        }
        string[] strs1=url.Split(new char[] { '/' });
        return strs1[strs1.Length-1].Split(new char[] { '?' })[0];
    }
    #endregion

    #region 返回当前URL中结尾的文件名
    /// <summary>
    /// 返回当前URL中结尾的文件名
    /// </summary>
    public static string GetLastFilename()
    {
        string url = HttpContext.Current.Request.Url.ToString();
        string[] strs1=url.Split(new char[] { '/' });
        return strs1[strs1.Length-1].Split(new char[] { '?' })[0];
    }
    #endregion

}

(转)字符串帮助类