UBB编辑器属于CKEditor,可以防止跨站脚本攻击(XSS攻击),不能取消微软提供的脚本验证功能,因此需要使用UBB编辑器([p]XXX[/p])。在服务端将数据库中的UBB文本输出到浏览器中时需要通过正则表达式处理这些UBB的文本数据,包括防XSS攻击的处理(处理[]和<>)。
XXX.html:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
<script src="/js/jquery-1.7.1.js"></script> <!--引入Jquery和CKEditor的JS文件-->
<script src="/ckeditor/ckeditor.js"></script>
<script type="text/javascript">
$(function() {
$("#btnAdd").click(function() {
var oEditor = CKEDITOR.instances.txtContent; //找到UBB编辑器
var msg = oEditor.getData(); //获取编辑器的内容([p]XXX[/p])
alert(msg);
oEditor.setData(""); //将编辑器的内容设为空,初始化编辑器。
});
loadUBBCode(); //加载UBB编辑器
});
//加载UBB编辑器
function loadUBBCode() { //txtContent,是绑定的textArea的id。
CKEDITOR.replace('txtContent',
{
extraPlugins: 'bbcode',
removePlugins: 'bidi,button,dialogadvtab,div,filebrowser,flash,format,forms,horizontalrule,iframe,indent,justify,liststyle,pagebreak,showborders,stylescombo,table,tabletools,templates',
toolbar:
[
['Source', '-', 'Save', 'NewPage', '-', 'Undo', 'Redo'],
['Find', 'Replace', '-', 'SelectAll', 'RemoveFormat'],
['Link', 'Unlink', 'Image'],
'/',
['FontSize', 'Bold', 'Italic', 'Underline'],
['NumberedList', 'BulletedList', '-', 'Blockquote'],
['TextColor', '-', 'Smiley', 'SpecialChar', '-', 'Maximize']
],
smiley_images:
[
'regular_smile.gif', 'sad_smile.gif', 'wink_smile.gif', 'teeth_smile.gif', 'tounge_smile.gif',
'embaressed_smile.gif', 'omg_smile.gif', 'whatchutalkingabout_smile.gif', 'angel_smile.gif', 'shades_smile.gif',
'cry_smile.gif', 'kiss.gif'
],
smiley_descriptions:
[
'smiley', 'sad', 'wink', 'laugh', 'cheeky', 'blush', 'surprise',
'indecision', 'angel', 'cool', 'crying', 'kiss'
]
});
}
</script>
</head>
<body>
<textarea id="txtContent" rows="20" cols="100" placeholder="有什么感想?来说说!!"></textarea><br />
<input type="button" value="发布评论" id="btnAdd" />
</body>
</html>
将UBB编码转成HTML编码的工具类:
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using System.Web;
using System.Web.Hosting;
namespace Common
{
public class WebCommon
{
//将UBB编码转成HTML编码。1.[p]XXX[/p](数据库中的数据)---html可以解析的文本。2.<>(防XSS攻击)--->,<
public static string UbbToHtml(string argString)
{
string tString = argString;
if (tString != "")
{
Regex tRegex;
bool tState = true;
tString = tString.Replace("&", "&");
tString = tString.Replace(">", ">"); //防XSS攻击
tString = tString.Replace("<", "<");
tString = tString.Replace("\"", """);
tString = Regex.Replace(tString, @"\[br\]", "<br />", RegexOptions.IgnoreCase);
string[,] tRegexAry = {
{@"\[p\]([^\[]*?)\[\/p\]", "$1<br />"},
{@"\[b\]([^\[]*?)\[\/b\]", "<b>$1</b>"},
{@"\[i\]([^\[]*?)\[\/i\]", "<i>$1</i>"},
{@"\[u\]([^\[]*?)\[\/u\]", "<u>$1</u>"},
{@"\[ol\]([^\[]*?)\[\/ol\]", "<ol>$1</ol>"},
{@"\[ul\]([^\[]*?)\[\/ul\]", "<ul>$1</ul>"},
{@"\[li\]([^\[]*?)\[\/li\]", "<li>$1</li>"},
{@"\[code\]([^\[]*?)\[\/code\]", "<div class=\"ubb_code\">$1</div>"},
{@"\[quote\]([^\[]*?)\[\/quote\]", "<div class=\"ubb_quote\">$1</div>"},
{@"\[color=([^\]]*)\]([^\[]*?)\[\/color\]", "<font style=\"color: $1\">$2</font>"},
{@"\[hilitecolor=([^\]]*)\]([^\[]*?)\[\/hilitecolor\]", "<font style=\"background-color: $1\">$2</font>"},
{@"\[align=([^\]]*)\]([^\[]*?)\[\/align\]", "<div style=\"text-align: $1\">$2</div>"},
{@"\[url=([^\]]*)\]([^\[]*?)\[\/url\]", "<a href=\"$1\">$2</a>"},
{@"\[img\]([^\[]*?)\[\/img\]", "<img src=\"$1\" />"}
};
while (tState)
{
tState = false;
for (int ti = 0; ti < tRegexAry.GetLength(0); ti++)
{
tRegex = new Regex(tRegexAry[ti, 0], RegexOptions.IgnoreCase);
if (tRegex.Match(tString).Success)
{
tState = true;
tString = Regex.Replace(tString, tRegexAry[ti, 0], tRegexAry[ti, 1], RegexOptions.IgnoreCase);
}
}
}
}
return tString;
}
}
}
服务端中,通过工具类将数据库中的UBB编码转成HTML编码:
string 客户端Model.Msg =Common.WebCommon.UbbToHtml(数据库Model.Msg); //将UBB编码转成HTML编码