JS:
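/**
 * Reduces an HTML string to plain text.
 *
 * Removes <script> and <style> blocks together with their content, replaces
 * every remaining tag with a single space, and HTML-encodes any angle
 * brackets that are left over.
 *
 * Security note: this is a text-extraction helper, not an HTML sanitizer.
 * Regex-based stripping cannot track every parsing rule a browser applies,
 * so the result should be written to the page as text (for example through
 * textContent) or passed through context-appropriate output encoding, and
 * never re-inserted as markup on the strength of this function alone.
 *
 * @param {string} html Markup to reduce; null/undefined yields "".
 * @returns {string} The text with tags removed and stray < > encoded.
 */
function StripHtml(html)
{
    if (html === null || html === undefined)
    {
        return "";
    }

    // Regex literals are used instead of new RegExp("...") so that escapes
    // such as \s and \S are not silently dropped by string-literal parsing
    // (the listing's "[sS]" only matches the letters s and S).
    var text = String(html);

    // Strip <script> blocks; [\s\S] lets the match span line breaks.
    text = text.replace(/<script[^>]*>[\s\S]*?<\/script\s*>/gi, " ");

    // Strip <style> blocks in the same way.
    text = text.replace(/<style[^>]*>[\s\S]*?<\/style\s*>/gi, " ");

    // Strip every remaining tag. [^>]+ runs in linear time and cannot
    // backtrack across the input.
    text = text.replace(/<[^>]+>/g, " ");

    // Encode all leftover angle brackets. The "g" flag matters: without it
    // only the first occurrence would be replaced.
    text = text.replace(/</g, "&lt;");
    text = text.replace(/>/g, "&gt;");

    return text;
}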
.NET:
过滤不安全的HTML代码
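/// <summary>
/// Removes a fixed set of risky constructs from an HTML fragment: script
/// blocks, href values that use a "...script:" scheme, inline on* event
/// attributes, and iframe / frameset blocks.
/// </summary>
/// <param name="html">The HTML fragment to filter. Null or empty input is returned unchanged.</param>
/// <returns>The fragment with the listed constructs removed or renamed.</returns>
/// <remarks>
/// This is a deny-list filter and only covers the constructs named above.
/// It should not be the sole XSS defence for untrusted input: encode on
/// output (for example System.Net.WebUtility.HtmlEncode) when the value is
/// shown as text, or use an allow-list HTML sanitizer when markup must be kept.
/// NOTE(review): the script / iframe / frameset pattern literals were
/// truncated in the listing and are restored here from the inline comments;
/// confirm against the original source.
/// </remarks>
[AjaxPro.AjaxMethod()]
public String UnSafeHTMLFilter(string html)
{
    if (string.IsNullOrEmpty(html))
    {
        return html;
    }

    const RegexOptions Options = RegexOptions.IgnoreCase;

    // Remove <script>...</script> blocks. The lazy quantifier stops at the
    // nearest closing tag so content between two separate blocks is kept.
    html = Regex.Replace(html, @"<script[\s\S]+?</script\s*>", "", Options);

    // Remove href attributes whose value uses a "...script:" scheme.
    // [^>]*? keeps the match inside the current tag; the listing's [\s\s]*
    // matched whitespace only and would not reach the scheme name.
    html = Regex.Replace(html, @"\shref\s*=[^>]*?script\s*:", "", Options);

    // Rename inline event-handler attributes (on...=) so they no longer bind.
    // \w+ limits the match to one attribute name instead of running to the
    // last '=' in the document.
    html = Regex.Replace(html, @"\son\w+\s*=", " _disibledevent=", Options);

    // Remove <iframe>...</iframe> blocks.
    html = Regex.Replace(html, @"<iframe[\s\S]+?</iframe\s*>", "", Options);

    // Remove <frameset>...</frameset> blocks.
    html = Regex.Replace(html, @"<frameset[\s\S]+?</frameset\s*>", "", Options);

    return html;
}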