<
textarea
id
="bug"
cols
="80"
rows
="16"
>
< button id ="kick" > 过滤 </ button >
< script >
function kickBug(str) {
return str.replace( / <(script|link|style|iframe)(.|\n)*\ / \ 1 > \s * / ig,"");
}
</ script >
< iframe ></ iframe >
< link href ='test.css' ></ link >
< style >
a {
height : expression(alert('hei')) ;
}
</ style >
</ textarea >
< button id ="kick" > 过滤 </ button >
< script >
function kickBug(str)
{
str = kickBug1(str);
str = kickBug2(str);
str = kickBug3(str);
str = kickBug4(str);
str = filterKey(str);
return str;
}
function filterKey(str)
{
str = str.replace( " 共 产 党 " , " *** " );
return str;
}
// <script>标签、<link>标签、<style>标签、iframe,object,embed标签
function kickBug1(str) {
return str.replace( / <(script|link|style|iframe|object|embed)(.|\n)*\ / \ 1 > \s * / ig,"");
}
// on开头的标签属性
function kickBug2(str) {
return str.replace( / <[a-z][^>]*\s*on[a-z]+\s*=[^>]+ / ig, function ($ 0 ,$ 1 ){
return $ 0 .replace( / \s*on[a-z]+\s*=\s*("[^"]+"|'[^']+'|[^\s]+)\s* / ig, "" );
});
}
// javascript(vbscript)伪协议
function kickBug3(str) {
return str.replace( / <[a-z][^>]*\s*(href|src)\s*=[^>]+ / ig, function ($ 0 ,$ 1 ){
$ 0 = $ 0 .replace( / (6[5-9]|[78][0-9]|9[0789]|1[01][0-9]|12[012]);? / g, function ($ 0 ,$ 1 ){ return String.fromCharCode($ 1 );});
return $ 0 .replace( / \s*(href|src)\s*=\s*("\s*(javascript|vbscript):[^"]+"|'\s*(javascript|vbscript):[^']+'|(javascript|vbscript):[^\s]+) / ig, "" );
});
}
// css的epression
function kickBug4(str) {
return str.replace( / <[a-z][^>]*\s*style\s*=[^>]+ / ig, function ($ 0 ,$ 1 ){
$ 0 = $ 0 .replace( / (6[5-9]|[78][0-9]|9[0789]|1[01][0-9]|12[012]);? / g, function ($ 0 ,$ 1 ){ return String.fromCharCode($ 1 );});
return $ 0 .replace( / \s*style\s*=\s*("[^"]+(expression)[^"]+"|'[^']+\2[^']+'|[^\s]+\2[^\s]+)\s* / ig, "" );
});
}
if ( ! / msie / i.test(navigator.userAgent)){
HTMLElement.prototype.__defineGetter__( " innerText " , function (){
return this .textContent;
});
HTMLElement.prototype.__defineSetter__( " innerText " , function (text){
this .textContent = text;
});
}
document.getElementById( " kick " ).onclick = function () {
var bug = document.getElementById( " bug " );
bug.innerText = kickBug(bug.innerText);
}
</ script >
< button id ="kick" > 过滤 </ button >
< script >
function kickBug(str) {
return str.replace( / <(script|link|style|iframe)(.|\n)*\ / \ 1 > \s * / ig,"");
}
</ script >
< iframe ></ iframe >
< link href ='test.css' ></ link >
< style >
a {
height : expression(alert('hei')) ;
}
</ style >
</ textarea >
< button id ="kick" > 过滤 </ button >
< script >
function kickBug(str)
{
str = kickBug1(str);
str = kickBug2(str);
str = kickBug3(str);
str = kickBug4(str);
str = filterKey(str);
return str;
}
function filterKey(str)
{
str = str.replace( " 共 产 党 " , " *** " );
return str;
}
// <script>标签、<link>标签、<style>标签、iframe,object,embed标签
function kickBug1(str) {
return str.replace( / <(script|link|style|iframe|object|embed)(.|\n)*\ / \ 1 > \s * / ig,"");
}
// on开头的标签属性
function kickBug2(str) {
return str.replace( / <[a-z][^>]*\s*on[a-z]+\s*=[^>]+ / ig, function ($ 0 ,$ 1 ){
return $ 0 .replace( / \s*on[a-z]+\s*=\s*("[^"]+"|'[^']+'|[^\s]+)\s* / ig, "" );
});
}
// javascript(vbscript)伪协议
function kickBug3(str) {
return str.replace( / <[a-z][^>]*\s*(href|src)\s*=[^>]+ / ig, function ($ 0 ,$ 1 ){
$ 0 = $ 0 .replace( / (6[5-9]|[78][0-9]|9[0789]|1[01][0-9]|12[012]);? / g, function ($ 0 ,$ 1 ){ return String.fromCharCode($ 1 );});
return $ 0 .replace( / \s*(href|src)\s*=\s*("\s*(javascript|vbscript):[^"]+"|'\s*(javascript|vbscript):[^']+'|(javascript|vbscript):[^\s]+) / ig, "" );
});
}
// css的epression
function kickBug4(str) {
return str.replace( / <[a-z][^>]*\s*style\s*=[^>]+ / ig, function ($ 0 ,$ 1 ){
$ 0 = $ 0 .replace( / (6[5-9]|[78][0-9]|9[0789]|1[01][0-9]|12[012]);? / g, function ($ 0 ,$ 1 ){ return String.fromCharCode($ 1 );});
return $ 0 .replace( / \s*style\s*=\s*("[^"]+(expression)[^"]+"|'[^']+\2[^']+'|[^\s]+\2[^\s]+)\s* / ig, "" );
});
}
if ( ! / msie / i.test(navigator.userAgent)){
HTMLElement.prototype.__defineGetter__( " innerText " , function (){
return this .textContent;
});
HTMLElement.prototype.__defineSetter__( " innerText " , function (text){
this .textContent = text;
});
}
document.getElementById( " kick " ).onclick = function () {
var bug = document.getElementById( " bug " );
bug.innerText = kickBug(bug.innerText);
}
</ script >
1986
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
