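A collection of commonly used string-safety functions in ASP (filtering special characters, etc.)
Updated: 2020-09-14 12:53:10 Contributor: mdxy-dxy
When writing ASP, we need to handle special strings carefully so that attackers cannot exploit them. Anyone using ASP should take a look.
At registration we often need to check whether what the user entered is valid, and when parameters are passed between pages we need to check whether a client has maliciously added parameters to attempt SQL injection and the like. That calls for a function that performs the check.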
    ' ============================================
    ' Check whether a string is safe; use on special fields such as registration and login
    ' ============================================
    Function IsSafeStr(str)
        Dim s_BadStr, n, i
        s_BadStr = "' &<>?%,;:()`~!@#$^*{}[]|+-=" & Chr(34) & Chr(9) & Chr(32)
        n = Len(s_BadStr)
        IsSafeStr = True
        ' Reject the string as soon as it contains any one of the listed characters
        For i = 1 To n
            If Instr(str, Mid(s_BadStr, i, 1)) > 0 Then
                IsSafeStr = False
                Exit Function
            End If
        Next
    End Function
You can extend the BadStr string yourself: add whatever characters you want to filter.
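As an added example (not from the original article), the same registration check written as an allow-list and combined with a parameterized ADODB.Command query, so the user's input never becomes part of the SQL text. The Users table, the 3 to 20 character user-name policy and the CONN_STR placeholder are assumptions.

```vbscript
' Added example, not from the article. Assumptions: table Users(UserName),
' a 3-20 character user-name policy, and CONN_STR as a placeholder.
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202
Const CONN_STR = "REPLACE_WITH_YOUR_CONNECTION_STRING"

' Allow-list counterpart of IsSafeStr: accept only the expected characters
' and length instead of listing every character that might be dangerous.
Function IsValidUserName(ByVal s)
    Dim re
    IsValidUserName = False
    If IsNull(s) Or IsArray(s) Then Exit Function
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9_]{3,20}$"
    IsValidUserName = re.Test(CStr(s))
End Function

' True when the name already exists. The value is sent as a bound parameter,
' so quotes or SQL keywords inside it are treated as data, not as SQL text.
Function UserNameExists(ByVal conn, ByVal userName)
    Dim cmd, rs
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT COUNT(*) FROM Users WHERE UserName = ?"
    cmd.Parameters.Append cmd.CreateParameter("name", adVarWChar, adParamInput, 20, userName)
    Set rs = cmd.Execute
    UserNameExists = (rs(0).Value > 0)
    rs.Close
End Function

Dim inputName, conn
inputName = Trim(Request.Form("username") & "")
If Not IsValidUserName(inputName) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid user name"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STR
If UserNameExists(conn, inputName) Then
    Response.Write "Name taken: " & Server.HTMLEncode(inputName)
Else
    Response.Write "Name available"
End If
conn.Close
```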
Below are additions contributed by other users.
    '=====================================
    ' Encode content to prevent surprises
    '=====================================
    Function Content_Encode(ByVal t0)
        IF IsNull(t0) Or Len(t0)=0 Then
            Content_Encode=""
        Else
            Content_Encode=Replace(t0,"<","&lt;")
            Content_Encode=Replace(Content_Encode,">","&gt;")
        End IF
    End Function

    '=====================================
    ' Decode content (reverse of the above)
    '=====================================
    Function Content_Decode(ByVal t0)
        IF IsNull(t0) Or Len(t0)=0 Then
            Content_Decode=""
        Else
            Content_Decode=Replace(t0,"&lt;","<")
            Content_Decode=Replace(Content_Decode,"&gt;",">")
        End IF
    End Function

    '=====================================
    ' Filter characters
    ' t1 = "1": keep text, convert spaces and line breaks to HTML
    ' t1 = "2": strip control characters and punctuation
    ' otherwise: HTML-encode & ' " < >
    '=====================================
    Function FilterText(ByVal t0,ByVal t1)
        IF Len(t0)=0 Or IsNull(t0) Or IsArray(t0) Then FilterText="":Exit Function
        t0=Trim(t0)
        Select Case t1
        Case "1"
            t0=Replace(t0,Chr(32),"&nbsp;")
            t0=Replace(t0,Chr(13),"")
            t0=Replace(t0,Chr(10)&Chr(10),"<br>")
            t0=Replace(t0,Chr(10),"<br>")
        Case "2"
            t0=Replace(t0,Chr(8),"")   ' backspace
            t0=Replace(t0,Chr(9),"")   ' tab (horizontal tab)
            t0=Replace(t0,Chr(10),"")  ' line feed
            t0=Replace(t0,Chr(11),"")  ' tab (vertical tab)
            t0=Replace(t0,Chr(12),"")  ' form feed
            t0=Replace(t0,Chr(13),"")  ' carriage return; Chr(13)&Chr(10) is the CR+LF combination
            t0=Replace(t0,Chr(22),"")
            t0=Replace(t0,Chr(32),"")  ' space
            t0=Replace(t0,Chr(33),"")  ' !
            t0=Replace(t0,Chr(34),"")  ' "
            t0=Replace(t0,Chr(35),"")  ' #
            t0=Replace(t0,Chr(36),"")  ' $
            t0=Replace(t0,Chr(37),"")  ' %
            t0=Replace(t0,Chr(38),"")  ' &
            t0=Replace(t0,Chr(39),"")  ' '
            t0=Replace(t0,Chr(40),"")  ' (
            t0=Replace(t0,Chr(41),"")  ' )
            t0=Replace(t0,Chr(42),"")  ' *
            t0=Replace(t0,Chr(43),"")  ' +
            t0=Replace(t0,Chr(44),"")  ' ,
            t0=Replace(t0,Chr(45),"")  ' -
            t0=Replace(t0,Chr(46),"")  ' .
            t0=Replace(t0,Chr(47),"")  ' /
            t0=Replace(t0,Chr(58),"")  ' :
            t0=Replace(t0,Chr(59),"")  ' ;
            t0=Replace(t0,Chr(60),"")  ' <
            t0=Replace(t0,Chr(61),"")  ' =
            t0=Replace(t0,Chr(62),"")  ' >
            t0=Replace(t0,Chr(63),"")  ' ?
            t0=Replace(t0,Chr(64),"")  ' @
            t0=Replace(t0,Chr(91),"")  ' [
            t0=Replace(t0,Chr(92),"")  ' \
            t0=Replace(t0,Chr(93),"")  ' ]
            t0=Replace(t0,Chr(94),"")  ' ^
            t0=Replace(t0,Chr(95),"")  ' _
            t0=Replace(t0,Chr(96),"")  ' `
            t0=Replace(t0,Chr(123),"") ' {
            t0=Replace(t0,Chr(124),"") ' |
            t0=Replace(t0,Chr(125),"") ' }
            t0=Replace(t0,Chr(126),"") ' ~
        Case Else
            ' Encode & first so the entities written below are not double-encoded
            t0=Replace(t0, "&", "&amp;")
            t0=Replace(t0, "'", "&#39;")
            t0=Replace(t0, """", "&quot;")
            t0=Replace(t0, "<", "&lt;")
            t0=Replace(t0, ">", "&gt;")
        End Select
        ' Break up the CSS keyword "expression"; the compare argument is 1 (text compare)
        ' so the replacement matches the case-insensitive check on the line above
        IF Instr(Lcase(t0),"expression")>0 Then
            t0=Replace(t0,"expression","e&shy;xpression", 1, -1, 1)
        End If
        FilterText=t0
    End Function

    '=====================================
    ' Filter common characters and HTML
    ' ReplaceText, Sdcms_Badhtml and Sdcms_BadEvent are not defined on this page;
    ' the including code has to provide them
    '=====================================
    Function FilterHtml(ByVal t0)
        IF Len(t0)=0 Or IsNull(t0) Or IsArray(t0) Then FilterHtml="":Exit Function
        IF Len(Sdcms_Badhtml)>0 Then t0=ReplaceText(t0,"<(\/|)("&Sdcms_Badhtml&")", "&lt;$1$2")
        IF Len(Sdcms_BadEvent)>0 Then t0=ReplaceText(t0,"<(.[^>]*)("&Sdcms_BadEvent&")", "&lt;$1$2")
        t0=FilterText(t0,0)
        FilterHtml=t0
    End Function

    ' Truncate t0 to a display width of t1 (characters with code > 255 count as 2),
    ' decoding HTML entities before measuring and re-encoding them afterwards
    Function GotTopic(ByVal t0,ByVal t1)
        IF Len(t0)=0 Or IsNull(t0) Then
            GotTopic=""
            Exit Function
        End IF
        Dim l,t,c, i
        t0=Replace(Replace(Replace(Replace(t0,"&nbsp;"," "),"&quot;",chr(34)),"&gt;",">"),"&lt;","<")
        l=Len(t0)
        t=0
        For I=1 To l
            c=Abs(Asc(Mid(t0,i,1)))
            IF c>255 Then t=t+2 Else t=t+1
            IF t>=t1 Then
                gotTopic=Left(t0,I)&"…"
                Exit For
            Else
                GotTopic=t0
            End IF
        Next
        GotTopic=Replace(Replace(Replace(Replace(GotTopic," ","&nbsp;"),chr(34),"&quot;"),">","&gt;"),"<","&lt;")
    End Function

    ' Decode a URL-encoded string: "+" becomes a space, %XX becomes a character,
    ' and two consecutive bytes above 127 are combined into one double-byte character
    Function UrlDecode(ByVal t0)
        Dim t1,t2,t3,i,t4,t5,t6
        t1=""
        t2=False
        t3=""
        For I=1 To Len(t0)
            t4=Mid(t0,I,1)
            IF t4="+" Then
                t1=t1&" "
            ElseIF t4="%" Then
                t5=Mid(t0,i+1,2)
                t6=Cint("&H" & t5)
                IF t2 Then
                    t2=False
                    t1=t1&Chr(Cint("&H"&t3&t5))
                Else
                    IF Abs(t6)<=127 then
                        t1=t1&Chr(t6)
                    Else
                        t2=True
                        t3=t5
                    End IF
                End IF
                I=I+2
            Else
                t1=t1&t4
            End IF
        Next
        UrlDecode=t1
    End Function

    ' Truncate t0 to a display width of t1 (double-byte characters count as 2) and append "..."
    Function CutStr(byVal t0,byVal t1)
        Dim l,t,c,i
        IF IsNull(t0) Then CutStr="":Exit Function
        l=Len(t0)
        t1=Int(t1)
        t=0
        For I=1 To l
            c=Asc(Mid(t0,I,1))
            IF c<0 Or c>255 Then t=t+2 Else t=t+1
            IF t>=t1 Then
                CutStr=Left(t0,I)&"..."
                Exit For
            Else
                CutStr=t0
            End IF
        Next
    End Function

    ' For each listed tag, count opening and closing tags and append any missing closing tags
    Function CloseHtml(ByVal t0)
        Dim t1,I,t2,t3,Regs,Matches,J,Match
        Set Regs=New RegExp
        Regs.IgnoreCase=True
        Regs.Global=True
        t1=Array("p","div","span","table","ul","font","b","u","i","h1","h2","h3","h4","h5","h6")
        For I=0 To UBound(t1)
            t2=0
            t3=0
            Regs.Pattern="\<"&t1(I)&"( [^\<\>]+|)\>"
            Set Matches=Regs.Execute(t0)
            For Each Match In Matches
                t2=t2+1
            Next
            Regs.Pattern="\</"&t1(I)&"\>"
            Set Matches=Regs.Execute(t0)
            For Each Match In Matches
                t3=t3+1
            Next
            For j=1 To t2-t3
                t0=t0+"</"&t1(I)&">"
            Next
        Next
        CloseHtml=t0
    End Function