
ASP Anti-XSS Injection Function - Website Security - 自学php

Source: 自学PHP网    Time: 2015-04-17 13:03


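' Anti-XSS injection function, updated 2009-04-21 by evio
' Compared with checkstr(), checkxss is more secure
'*************************************
' The page shows the HTML entities in the replacement strings already decoded.
' They are written out again below; in the keyword replacements, which letter
' was encoded is an assumption (the first letter after the captured prefix).
Function Checkxss(byVal ChkStr)
    Dim Str
    Str = ChkStr
    If IsNull(Str) Then
        ' Return an empty string for Null input (assign to the function's own name)
        Checkxss = ""
        Exit Function
    End If
    ' Escape "&" first so the entities written below are not encoded twice
    Str = Replace(Str, "&", "&amp;")
    Str = Replace(Str, "'", "&acute;")
    Str = Replace(Str, """", "&quot;")
    Str = Replace(Str, "<", "&lt;")
    Str = Replace(Str, ">", "&gt;")
    Str = Replace(Str, "/", "&#47;")
    Str = Replace(Str, "*", "&#42;")
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    re.Global = True
    ' Break up SQL keywords by writing one letter as a numeric entity
    re.Pattern = "(w)(here)"
    Str = re.Replace(Str, "$1&#104;ere")
    re.Pattern = "(s)(elect)"
    Str = re.Replace(Str, "$1&#101;lect")
    re.Pattern = "(i)(nsert)"
    Str = re.Replace(Str, "$1&#110;sert")
    re.Pattern = "(c)(reate)"
    Str = re.Replace(Str, "$1&#114;eate")
    re.Pattern = "(d)(rop)"
    Str = re.Replace(Str, "$1&#114;op")
    re.Pattern = "(a)(lter)"
    Str = re.Replace(Str, "$1&#108;ter")
    re.Pattern = "(d)(elete)"
    Str = re.Replace(Str, "$1&#101;lete")
    re.Pattern = "(u)(pdate)"
    Str = re.Replace(Str, "$1&#112;date")
    re.Pattern = "(s)(or)"
    Str = re.Replace(Str, "$1&#111;r")
    ' Pattern and replacement as they appear on the page: the pattern matches
    ' a single space, so "or" is inserted after every space
    re.Pattern = "( )"
    Str = re.Replace(Str, "$1or")
    '----------------------------------
    ' Break up script scheme names (javascript, jscript, vbscript)
    re.Pattern = "(java)(script)"
    Str = re.Replace(Str, "$1&#115;cript")
    re.Pattern = "(j)(script)"
    Str = re.Replace(Str, "$1&#115;cript")
    re.Pattern = "(vb)(script)"
    Str = re.Replace(Str, "$1&#115;cript")
    '----------------------------------
    If Instr(Str, "expression") > 0 Then
        Str = Replace(Str, "expression", "e&shy;xpression", 1, -1, 0) ' prevent XSS injection
    End If
    Set re = Nothing
    Checkxss = Str
End Function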
 
Test code:
 
<script> alert(/xss0/) </script>
<img src= "javascript:alert(/xss1/) " width=100>
<img src= "javascript:alert(/xss2/) " width=100>
<img src= "javas cript:alert(/xss3/) " width=100>
<img src= "# " onerror=alert(/xss4/)>
<img src= "# "/**/onerror=alert(/xss5/) width=100>
<img src= "# " style= "Xss:expression(alert(/xss6/)); ">
 
<img src="&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3a&#x61&#x6c&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&#x3b">
 
<SCRIPT LANGUAGE="JavaScript">
eval("\x6a\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3a\x61\x6c\x65\x72\x74\x28\x22\x58\x53\x53\x22\x29")
</SCRIPT>
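
To check the function against the test strings above, here is an added Python example (not code from the original page): a port of the character escapes and the script/expression rewriting from Checkxss, leaving out the SQL keyword patterns. The helper name raw_markup_chars and the choice of which letter of "script" is written as an entity are assumptions.

```python
import re

# Character escapes from the first block of Checkxss. "&" goes first so the
# entities written by the later replacements are not encoded a second time.
ESCAPES = [("&", "&amp;"), ("'", "&acute;"), ('"', "&quot;"), ("<", "&lt;"),
           (">", "&gt;"), ("/", "&#47;"), ("*", "&#42;")]

# javascript / jscript / vbscript, matched case-insensitively as on the page.
SCRIPT_RE = re.compile(r"(java|j|vb)script", re.IGNORECASE)


def checkxss(value):
    """Python port of the XSS-related steps of Checkxss (SQL keywords omitted)."""
    if value is None:
        return ""
    for raw, entity in ESCAPES:
        value = value.replace(raw, entity)
    # Assumption: the "s" of "script" is the letter written as an entity.
    value = SCRIPT_RE.sub(r"\1&#115;cript", value)
    # Case-sensitive, like Replace(..., 1, -1, 0) in the ASP code.
    return value.replace("expression", "e&shy;xpression")


def raw_markup_chars(text):
    """Return the characters from the escaped set that are still in text."""
    return set(text) & set("<>\"'/*")


# Test strings from the page; the last one is a shortened (constructed) form
# of the entity-encoded test.
TESTS = [
    '<script> alert(/xss0/) </script>',
    '<img src= "javascript:alert(/xss1/) " width=100>',
    '<img src= "# "/**/onerror=alert(/xss5/) width=100>',
    '<img src= "# " style= "Xss:expression(alert(/xss6/)); ">',
    '<img src="&#x6a&#x61&#x76&#x61">',
]

if __name__ == "__main__":
    for t in TESTS:
        out = checkxss(t)
        print(sorted(raw_markup_chars(out)), out)
```

Every test string comes out with no raw `<`, `>`, quote, `/` or `*` left, and the entity-encoded string has each `&` turned into `&amp;`, so a browser shows it as text when the result is written into HTML element content or a quoted attribute value.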
