
ASP防XSS注入函数

灯火互联
'防XSS注入函数 更新于2009-04-21 by evio
 '与checkstr()相比, checkxss更加安全
 '*************************************
 Function Checkxss(byVal ChkStr)
     Dim Str
     Str = ChkStr
     If IsNull(Str) Then
         CheckStr = ""
         Exit Function
     End If
     Str = Replace(Str, ";", ";")
     Str = Replace(Str, "'", "´")
     Str = Replace(Str, """", """)
         Str = Replace(Str, "<", "<")
         Str = Replace(Str, ">", ">")
         Str = Replace(Str, "/", "/")
         Str = Replace(Str, "*", "*")
     Dim re
     Set re = New RegExp
     re.IgnoreCase = True
     re.Global = True
     re.Pattern = "(w)(here)"
     Str = re.Replace(Str, "$1here")
     re.Pattern = "(s)(elect)"
     Str = re.Replace(Str, "$1elect")
     re.Pattern = "(i)(nsert)"
     Str = re.Replace(Str, "$1nsert")
     re.Pattern = "(c)(reate)"
     Str = re.Replace(Str, "$1reate")
     re.Pattern = "(d)(rop)"
     Str = re.Replace(Str, "$1rop")
     re.Pattern = "(a)(lter)"
     Str = re.Replace(Str, "$1lter")
     re.Pattern = "(d)(elete)"
     Str = re.Replace(Str, "$1elete")
     re.Pattern = "(u)(pdate)"
     Str = re.Replace(Str, "$1pdate")
     re.Pattern = "(s)(or)"
     Str = re.Replace(Str, "$1or")
         re.Pattern = "( )"
     Str = re.Replace(Str, "$1or")
         '----------------------------------
         re.Pattern = "(java)(script)"
     Str = re.Replace(Str, "$1script")
         re.Pattern = "(j)(script)"
     Str = re.Replace(Str, "$1script")
         re.Pattern = "(vb)(script)"
     Str = re.Replace(Str, "$1script")
         '----------------------------------
         If Instr(Str, "expression") > 0 Then
                 Str = Replace(Str, "expression", "e&shy;xpression", 1, -1, 0) '防止xss注入
         End If
     Set re = Nothing
     Checkxss = Str
 End Function
  
 测试代码:
  
 <script> alert(/xss0/) </script>
 <img src= "javascript:alert(/xss1/) " width=100>
 <img src= "javascript:alert(/xss2/) " width=100>
 <img src= "javas cript:alert(/xss3/) " width=100>
 <img src= "# " onerror=alert(/xss4/)>
 <img src= "# "/**/onerror=alert(/xss5/) width=100>
 <img src= "# " style= "Xss:expression(alert(/xss6/)); ">
  
 <img src=";#x6a;#x61;#x76;#x61;#x73;#x63;#x72;#x69;#x70;#x74;#x3a;#x61;#x6c;#x65;#x72;#x74;#x28;#x27;#x58;#x53;#x53;#x27;#x29;#x3b">
  
 <SCRIPT LANGUAGE="JavaScript">
 eval("x6ax61x76x61x73x63x72x69x70x74x3ax61x6cx65x72x74x28x22x58x53x53x22x29")
 </SCRIPT>

