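/// <summary>
/// Denylist-based XSS filter: strips a fixed set of risky tags and script fragments from a string.
/// </summary>
/// <remarks>
/// This is defence in depth only. A fixed denylist cannot recognise every markup or encoding
/// variant, so untrusted text must still be HTML-encoded at the point where it is rendered.
/// </remarks>
public class XssCleaner
{
    // Ordered (key, pattern) pairs. The key is a cheap ordinal pre-check so a regex only runs
    // when its trigger word is present; the table is filled once in the static constructor
    // and never mutated afterwards.
    private static List<KeyValuePair<string, Regex>> injectWords = new List<KeyValuePair<string, Regex>>();

    // Case-insensitive AND culture-invariant: without CultureInvariant the case folding follows
    // the thread culture, so e.g. under Turkish rules "I" and "i" are not the same letter.
    private const RegexOptions BaseOptions =
        RegexOptions.Compiled | RegexOptions.IgnoreCase | RegexOptions.CultureInvariant;

    /// <summary>
    /// Builds the pattern table once per process.
    /// </summary>
    static XssCleaner()
    {
        #region Keywords (order matters, matched case-insensitively)
        // Lazy ".*?" so that "alert(1); f(x)" loses only the call, not the rest of the line.
        Add("alert", @"alert\s*\(.*?\)", RegexOptions.None);
        Add("javascript", @"javascript", RegexOptions.None);
        Add("document.", @"document\.", RegexOptions.None);

        // Tag names whose elements are removed wholesale. Where one name is a prefix of another
        // (frameset / frame) the longer one is listed first so the specific entry runs first.
        string[] tags = new[] { "script", "applet", "frameset", "iframe", "frame", "img", "link", "object", "style" };
        foreach (string tag in tags)
        {
            AddTagPatterns(tag);
        }
        #endregion

        #region Symbols (intentionally empty)
        #endregion
    }

    /// <summary>
    /// Registers one pattern under <paramref name="key"/>.
    /// </summary>
    /// <param name="key">Trigger word checked with an ordinal search before the regex runs.</param>
    /// <param name="pattern">Regex removed from the input whenever the key is present.</param>
    /// <param name="extra">Options added on top of <see cref="BaseOptions"/>.</param>
    private static void Add(string key, string pattern, RegexOptions extra)
    {
        // NOTE(review): no match timeout is set, so the regex runs with the default infinite
        // timeout; a Regex(pattern, options, TimeSpan) overload exists if callers can handle
        // RegexMatchTimeoutException.
        injectWords.Add(new KeyValuePair<string, Regex>(key, new Regex(pattern, BaseOptions | extra)));
    }

    /// <summary>
    /// Registers the patterns for one tag name: first the whole element including its content,
    /// then any opening, self-closing or closing tag of that name that is left on its own.
    /// </summary>
    /// <param name="tag">Tag name without angle brackets.</param>
    private static void AddTagPatterns(string tag)
    {
        // "[^>]*" keeps the match inside one tag and ".*?" with Singleline keeps it to the
        // nearest closing tag, including across newlines. A greedy ".*" would swallow all
        // legitimate content between the first opening and the last closing tag, and without
        // Singleline a multi-line element would not be matched at all.
        Add(tag, @"<\s*" + tag + @"[^>]*>.*?<\/\s*" + tag + @"\s*>", RegexOptions.Singleline);
        // An opening tag with no closing tag, a self-closing tag, or an orphan closing tag.
        // Covers e.g. "<img src=a>", which has no "/>" and no "</img>".
        Add(tag, @"<\s*\/?\s*" + tag + @"[^>]*>", RegexOptions.None);
    }

    /// <summary>
    /// Removes every registered pattern from <paramref name="input"/>.
    /// </summary>
    /// <param name="input">Untrusted text; null, empty or whitespace-only input is returned unchanged.</param>
    /// <returns>
    /// The text with all matches removed. Passes are repeated until nothing changes, so a removal
    /// cannot leave behind text that itself forms a new match.
    /// </returns>
    public static string Clean(string input)
    {
        if (string.IsNullOrWhiteSpace(input))
        {
            return input;
        }

        string cleaned = input;
        string previous;
        do
        {
            previous = cleaned;
            foreach (KeyValuePair<string, Regex> injectWord in injectWords)
            {
                // Ordinal rather than culture-sensitive: the key is an ASCII identifier, and a
                // culture comparison can miss matches under some locales (Turkish casing).
                if (cleaned.IndexOf(injectWord.Key, StringComparison.OrdinalIgnoreCase) < 0)
                {
                    continue;
                }

                cleaned = injectWord.Value.Replace(cleaned, string.Empty);
            }
            // Every pattern matches at least one character, so each extra pass shortens the
            // string and the loop terminates.
        } while (!string.Equals(previous, cleaned, StringComparison.Ordinal));

        return cleaned;
    }
}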
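/// <summary>
/// Denylist-based XSS filter: strips a fixed set of risky tags and script fragments from a string.
/// </summary>
/// <remarks>
/// This is defence in depth only. A fixed denylist cannot recognise every markup or encoding
/// variant, so untrusted text must still be HTML-encoded at the point where it is rendered.
/// </remarks>
public class XssCleaner
{
    // Ordered (key, pattern) pairs. The key is a cheap ordinal pre-check so a regex only runs
    // when its trigger word is present; the table is filled once in the static constructor
    // and never mutated afterwards.
    private static List<KeyValuePair<string, Regex>> injectWords = new List<KeyValuePair<string, Regex>>();

    // Case-insensitive AND culture-invariant: without CultureInvariant the case folding follows
    // the thread culture, so e.g. under Turkish rules "I" and "i" are not the same letter.
    private const RegexOptions BaseOptions =
        RegexOptions.Compiled | RegexOptions.IgnoreCase | RegexOptions.CultureInvariant;

    /// <summary>
    /// Builds the pattern table once per process.
    /// </summary>
    static XssCleaner()
    {
        #region Keywords (order matters, matched case-insensitively)
        // Lazy ".*?" so that "alert(1); f(x)" loses only the call, not the rest of the line.
        Add("alert", @"alert\s*\(.*?\)", RegexOptions.None);
        Add("javascript", @"javascript", RegexOptions.None);
        Add("document.", @"document\.", RegexOptions.None);

        // Tag names whose elements are removed wholesale. Where one name is a prefix of another
        // (frameset / frame) the longer one is listed first so the specific entry runs first.
        string[] tags = new[] { "script", "applet", "frameset", "iframe", "frame", "img", "link", "object", "style" };
        foreach (string tag in tags)
        {
            AddTagPatterns(tag);
        }
        #endregion

        #region Symbols (intentionally empty)
        #endregion
    }

    /// <summary>
    /// Registers one pattern under <paramref name="key"/>.
    /// </summary>
    /// <param name="key">Trigger word checked with an ordinal search before the regex runs.</param>
    /// <param name="pattern">Regex removed from the input whenever the key is present.</param>
    /// <param name="extra">Options added on top of <see cref="BaseOptions"/>.</param>
    private static void Add(string key, string pattern, RegexOptions extra)
    {
        // NOTE(review): no match timeout is set, so the regex runs with the default infinite
        // timeout; a Regex(pattern, options, TimeSpan) overload exists if callers can handle
        // RegexMatchTimeoutException.
        injectWords.Add(new KeyValuePair<string, Regex>(key, new Regex(pattern, BaseOptions | extra)));
    }

    /// <summary>
    /// Registers the patterns for one tag name: first the whole element including its content,
    /// then any opening, self-closing or closing tag of that name that is left on its own.
    /// </summary>
    /// <param name="tag">Tag name without angle brackets.</param>
    private static void AddTagPatterns(string tag)
    {
        // "[^>]*" keeps the match inside one tag and ".*?" with Singleline keeps it to the
        // nearest closing tag, including across newlines. A greedy ".*" would swallow all
        // legitimate content between the first opening and the last closing tag, and without
        // Singleline a multi-line element would not be matched at all.
        Add(tag, @"<\s*" + tag + @"[^>]*>.*?<\/\s*" + tag + @"\s*>", RegexOptions.Singleline);
        // An opening tag with no closing tag, a self-closing tag, or an orphan closing tag.
        // Covers e.g. "<img src=a>", which has no "/>" and no "</img>".
        Add(tag, @"<\s*\/?\s*" + tag + @"[^>]*>", RegexOptions.None);
    }

    /// <summary>
    /// Removes every registered pattern from <paramref name="input"/>.
    /// </summary>
    /// <param name="input">Untrusted text; null, empty or whitespace-only input is returned unchanged.</param>
    /// <returns>
    /// The text with all matches removed. Passes are repeated until nothing changes, so a removal
    /// cannot leave behind text that itself forms a new match.
    /// </returns>
    public static string Clean(string input)
    {
        if (string.IsNullOrWhiteSpace(input))
        {
            return input;
        }

        string cleaned = input;
        string previous;
        do
        {
            previous = cleaned;
            foreach (KeyValuePair<string, Regex> injectWord in injectWords)
            {
                // Ordinal rather than culture-sensitive: the key is an ASCII identifier, and a
                // culture comparison can miss matches under some locales (Turkish casing).
                if (cleaned.IndexOf(injectWord.Key, StringComparison.OrdinalIgnoreCase) < 0)
                {
                    continue;
                }

                cleaned = injectWord.Value.Replace(cleaned, string.Empty);
            }
            // Every pattern matches at least one character, so each extra pass shortens the
            // string and the loop terminates.
        } while (!string.Equals(previous, cleaned, StringComparison.Ordinal));

        return cleaned;
    }
}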