.NET防止SQL、JS、HTML注入

最新推荐文章于 2025-05-02 18:54:16 发布

weixin_30764771

最新推荐文章于 2025-05-02 18:54:16 发布

阅读量113

点赞数

CC 4.0 BY-SA版权

文章标签：数据库

原文链接：http://www.cnblogs.com/keyyang/p/4174105.html

本文介绍了一个用于清除HTML标签、脚本、数据库关键词及特殊字符的C#方法。该方法通过正则表达式实现了对输入字符串中特定模式的匹配与替换，从而有效地过滤了可能存在的恶意代码或不安全元素。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

/// <summary>
/// 过滤标记
/// </summary>
/// <param name="NoHTML">包括HTML，脚本，数据库关键字，特殊字符的源码 </param>
/// <returns>已经去除标记后的文字</returns>
public static string NoHTML(string Htmlstring)
{
if (Htmlstring == null)
{
return "";
}
else
{
//删除脚本
Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase);
//删除HTML
Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"([/r/n])[/s]+", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase);

Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "/"", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "/xa1", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "/xa2", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "/xa3", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "/xa9", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&#(/d+);", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);

//删除与数据库相关的词
Htmlstring = Regex.Replace(Htmlstring, "select", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "insert", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "delete from", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "count''", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "drop table", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "truncate", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "asc", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "mid", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "char", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "exec master", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "net localgroup administrators", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "and", "", RegexOptions.IgnoreCase);

return Htmlstring ;

      }

}

转载于:https://www.cnblogs.com/keyyang/p/4174105.html