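/// <summary>
/// Character class shared by <see cref="RemoveSqlUnsafeString"/> and <see cref="IsSafeSqlString"/>:
/// punctuation that commonly appears in SQL injection payloads
/// (- ; , / ( ) [ ] { } % @ * ! ' and, because '|' is literal inside a class, '|' as well).
/// </summary>
/// <remarks>
/// NOTE(review): '[' and ']' must be escaped inside the class. In the copy reviewed the backslashes
/// were missing, which makes .NET reject the pattern ("quantifier following nothing") and throw on
/// every call; the escaped form below is the presumed original.
/// </remarks>
private const string SqlUnsafeCharPattern = @"[-|;|,|/|(|)|\[|\]|}|{|%|@|*|!|']";

/// <summary>
/// Removes every character matched by <see cref="SqlUnsafeCharPattern"/> from <paramref name="str"/>.
/// </summary>
/// <param name="str">Text to sanitise; <c>null</c> is treated as empty.</param>
/// <returns>The input with all blacklisted characters deleted, or an empty string for <c>null</c>.</returns>
/// <remarks>
/// A character blacklist is not a substitute for parameterised queries: it mutates legitimate input
/// (e.g. surnames with apostrophes) and cannot cover every encoding. Use it only as defence in depth.
/// </remarks>
public static string RemoveSqlUnsafeString(string str)
{
    if (str == null)
    {
        return string.Empty;
    }

    return Regex.Replace(str, SqlUnsafeCharPattern, "");
}

/// <summary>
/// Reports whether <paramref name="str"/> contains none of the characters in
/// <see cref="SqlUnsafeCharPattern"/>.
/// </summary>
/// <param name="str">Text to check; <c>null</c> is treated as empty.</param>
/// <returns><c>true</c> when no blacklisted character is present (including for <c>null</c>); otherwise <c>false</c>.</returns>
/// <remarks>Same caveat as <see cref="RemoveSqlUnsafeString"/>: this does not replace parameterised SQL.</remarks>
public static bool IsSafeSqlString(string str)
{
    if (str == null)
    {
        return true;
    }

    return !Regex.IsMatch(str, SqlUnsafeCharPattern);
}

/// <summary>
/// Doubles single quotes so a value can be embedded inside a single-quoted SQL string literal.
/// </summary>
/// <param name="str">Text to escape; <c>null</c> yields an empty string.</param>
/// <returns>The input with every <c>'</c> replaced by <c>''</c>, or an empty string for <c>null</c>.</returns>
/// <remarks>
/// Quote doubling only covers string literals; it does nothing for numeric contexts or identifiers.
/// Prefer parameterised queries and keep this for legacy call sites only.
/// </remarks>
public static string ChkSQL(string str)
{
    if (str == null)
    {
        return "";
    }

    return str.Replace("'", "''");
}

#region Filter hostile characters
/// <summary>
/// Strips or neuters markup constructs commonly abused for script injection
/// (block comments, script/style/link elements, inline event-handler attributes, iframes,
/// backslash hex escapes) and normalises a few typographic characters.
/// </summary>
/// <param name="str">Text to filter; <c>null</c> or empty is returned as-is.</param>
/// <returns>The filtered text, or the input itself when it is <c>null</c> or empty.</returns>
/// <remarks>
/// This is a blacklist over raw text. It does not replace contextual output encoding
/// (HTML, attribute and JavaScript encoding at the point of rendering), which is what actually
/// prevents XSS; treat it as defence in depth only.
/// </remarks>
public static string ReplaceBadChar(string str)
{
    if (string.IsNullOrEmpty(str))
    {
        return str;
    }

    // Delete /* ... */ comments. NOTE(review): the escapes on '*' were missing in the copy
    // reviewed, which .NET rejects as a nested quantifier (the method threw on any input).
    str = Regex.Replace(str, @"(?s)/\*.*?\*/", "", RegexOptions.IgnoreCase);
    // Remove script and style elements together with their content.
    str = Regex.Replace(str, @"(?s)<script.*?>.*?</script>", "", RegexOptions.IgnoreCase);
    str = Regex.Replace(str, @"(?s)<style.*?>.*?</style>", "", RegexOptions.IgnoreCase);
    // Remove <link ... href=...> tags (user-supplied stylesheets).
    str = Regex.Replace(str, @"(?s)<link[^>]+href+([^>]+?)>", "", RegexOptions.IgnoreCase);

    // Normalise typographic characters.
    // NOTE(review): several replacements below are identities in the copy reviewed (old and new
    // value are the same text) and therefore do nothing; the new values were presumably HTML
    // entity encodings that were rendered as plain characters. Confirm against the original source.
    str = str.Replace("—", "-");
    str = str.Replace("”", "”");
    str = str.Replace("“", "“");
    str = str.Replace("≤", "<=");
    str = str.Replace("≠", "!=");
    str = str.Replace("≥", ">=");

    // Rename inline event-handler attributes (e.g. onerror= becomes on_error=) so they no longer bind.
    str = Regex.Replace(str, @"<([^>|^<]+?on)([a-z|A-Z]+[^=]+?)=([^>]+?)>", "<$1_$2=$3>", RegexOptions.IgnoreCase);

    // Script schemes and keywords; see the NOTE(review) above about identity replacements.
    str = str.Replace("javascript:", "javascript:");
    // NOTE(review): "vbscrript" (double r) only ever matches that misspelling, never "vbscript:".
    str = str.Replace("vbscrript:", "vbscript:");
    str = str.Replace("script", "script");
    // Defuses CSS expression(...); the replacement is case-sensitive, so "EXPRESSION" passes — confirm intent.
    str = str.Replace("expression", "Expression");

    // Remove iframes together with their content.
    str = Regex.Replace(str, "(?s)<iframe.*?>.*?</iframe>", "", RegexOptions.IgnoreCase);

    // Characters used to build encoded payloads ('#' and '%' are identities here; see NOTE(review) above).
    str = str.Replace("#", "#");
    str = str.Replace("%", "%");
    // Backslash introduces CSS hex escapes; turn it into '/' so they cannot decode.
    // NOTE(review): the old value was an empty string in the copy reviewed, which string.Replace
    // rejects; backslash is the presumed original given the surrounding hex-escape example.
    str = str.Replace("\\", "/");

    // Ordinal search: this is markup matching, not culture-aware text comparison.
    if (str.IndexOf("<script", System.StringComparison.Ordinal) >= 0)
    {
        str = str.Replace("<", "<--script");
    }

    // >= 0 so an apostrophe at index 0 is handled too (the original test used > 0 and skipped it).
    if (str.IndexOf('\'') >= 0)
    {
        str = str.Replace("'", "’");
    }

    return str;
}
#endregion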