.net 过滤特殊字符

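/// <summary>
/// Strips script blocks, HTML tags and comment remnants from the input, decodes a small
/// set of HTML entities, and removes a fixed list of SQL/shell keywords.
/// </summary>
/// <param name="Htmlstring">Source text that may contain HTML, script, database keywords and special characters.</param>
/// <returns>The text with markup removed; an empty string when the input is null.</returns>
/// <remarks>
/// The return value is plain text, not HTML-safe output: entities are decoded after tags
/// are stripped, so encoded markup in the input comes back as literal angle brackets.
/// HTML-encode the result wherever it is written into a page.
/// The keyword removal is a legacy single-pass blacklist kept for compatibility. It is not
/// a defence against SQL injection (use parameterized queries for that), and because it
/// matches substrings it also alters ordinary words that contain a listed keyword.
/// </remarks>
public string NoHTML(string Htmlstring)
{
  if (Htmlstring == null)
  {
    return "";
  }

  // Remove script blocks. Singleline lets '.' cross line breaks, so the body of a
  // multi-line script is removed as well, not only its opening and closing tags.
  Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase | RegexOptions.Singleline);
  // Remove any remaining tags.
  Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);
  // Remove a line break together with the whitespace that follows it.
  // (The escapes were written with '/' instead of '\', which deleted ordinary letters.)
  Htmlstring = Regex.Replace(Htmlstring, @"([\r\n])[\s]+", "", RegexOptions.IgnoreCase);
  // Remove leftover comment delimiters that the tag pattern above did not consume.
  Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase);
  Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase);

  // Decode a fixed set of named/numeric entities. "&amp;" is decoded before the others,
  // so doubly-encoded input (an encoded ampersand followed by "lt;") is decoded twice.
  Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "\"", RegexOptions.IgnoreCase);
  Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);
  Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);
  Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);
  Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);
  // The replacements below were the literal text "/xa1" etc.; they are the Latin-1
  // characters the entities stand for.
  Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "\u00A1", RegexOptions.IgnoreCase);
  Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "\u00A2", RegexOptions.IgnoreCase);
  Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "\u00A3", RegexOptions.IgnoreCase);
  Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "\u00A9", RegexOptions.IgnoreCase);
  // Drop every other numeric entity (the pattern used "/d" instead of "\d" and never matched digits).
  Htmlstring = Regex.Replace(Htmlstring, @"&#(\d+);", "", RegexOptions.IgnoreCase);
  Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);

  // Remove database-related words, in the original order. Each keyword is removed once,
  // as a case-insensitive substring match; see the remarks for why this is not a security control.
  // NOTE(review): "count‘‘" contains typographic quotes and looks garbled (possibly count'');
  // it is kept byte-for-byte here - confirm the intended literal.
  string[] blockedKeywords =
  {
    "select",
    "insert",
    "delete from",
    "count‘‘",
    "drop table",
    "truncate",
    "asc",
    "mid",
    "char",
    "xp_cmdshell",
    "exec master",
    "net localgroup administrators",
    "and"
  };
  foreach (string keyword in blockedKeywords)
  {
    Htmlstring = Regex.Replace(Htmlstring, keyword, "", RegexOptions.IgnoreCase);
  }

  return Htmlstring;
}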

时间: 2024-11-08 23:38:48
