
方法一：把 ToSafeHtmlString 保存的结果还原成用户原始输入——先把 &lt;br/&gt;、&amp;nbsp;、&amp;#39; 换回换行、空格、引号，再做 HTML 解码（用于回填编辑框）。注意还原后的文本含有原始的 <、>，不能直接输出到页面。

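/// <summary>
/// Reverses <see cref="ToSafeHtmlString"/>: turns stored, HTML-encoded text back into the
/// raw text a user typed (e.g. to pre-fill an edit box).
/// The result contains raw '&lt;', '&gt;', '&amp;' again and is therefore NOT safe to write
/// into a page without re-encoding.
/// </summary>
/// <param name="input">Text produced by ToSafeHtmlString (or any HTML-encoded text). Null or empty yields an empty string.</param>
/// <returns>Decoded plain text with "&lt;br/&gt;" turned back into CRLF.</returns>
public static string FromSafeHtmlString(this string input)
{
    if (string.IsNullOrEmpty(input))
    {
        return string.Empty;
    }

    // Undo the markup ToSafeHtmlString adds BEFORE decoding. The original decoded first, which
    // (a) turned a user's literal "&lt;br/&gt;" into a line break and (b) decoded "&nbsp;" to
    // U+00A0 so the replacement below never fired and callers got a non-breaking space.
    // NOTE: "&nbsp;" maps to a single space here although ToSafeHtmlString produces it from
    // three spaces — kept from the original; the round-trip is not exact for runs of spaces.
    var text = new StringBuilder(input);
    text.Replace("<br/>", "\r\n");
    text.Replace("&nbsp;", " ");
    text.Replace("&#39;", "'");

    // HttpUtility instead of HttpContext.Current.Server: same decoder, but it does not throw
    // NullReferenceException when there is no ambient request (background work, unit tests).
    return HttpUtility.HtmlDecode(text.ToString());
}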

方法二用黑名单正则直接删除危险的 HTML 标签（script、iframe、form 等）和 on* 事件属性，主要用于富文本编辑器提交的内容。注意：黑名单过滤天然不完整（未列出的标签、实体/编码绕过、拆分拼接绕过等），只能作为辅助手段；输出到页面时仍应做编码，或改用白名单式、基于解析器的 HTML 净化库。

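// ---- RemoveDangerHtml support ------------------------------------------------------------

// Element names removed wholesale. This is a DENY-list: any element not named here
// (svg, math, img, video, ...) passes through untouched, so this filter reduces risk but
// cannot by itself make untrusted HTML safe. Prefer an allow-list, parser-based sanitizer
// and always encode on output wherever formatting is not required.
private static readonly string[] DangerTagNames =
{
    "html", "body", "meta", "frame", "frameset", "iframe", "layer", "ilayer", "applet",
    "script", "link", "style", "form", "input", "button", "textarea", "select",
    // Not in the original list but equally able to load or run active content.
    "object", "embed", "base",
};

// Singleline so ".*?" crosses line breaks: the original used Multiline (which only affects
// ^ and $), so any of these elements with a newline inside its body survived intact.
private const RegexOptions DangerOpts =
    RegexOptions.IgnoreCase | RegexOptions.Singleline | RegexOptions.Compiled;

private static readonly Regex[] DangerTagPatterns = BuildDangerTagPatterns();

// A whole tag; attribute scrubbing is confined to tag interiors so that body text such as
// "onion=..." is not mangled (the original's on[a-z]+= ran over the entire string).
private static readonly Regex AnyTag = new Regex("<[^>]+>", DangerOpts);

// One attribute inside a tag: leading whitespace, name, '=', then a double-quoted,
// single-quoted or bare value. Bare values are matched too; the original only caught quoted
// handlers, so onerror=alert(1) went straight through.
private static readonly Regex TagAttribute = new Regex(
    @"\s*(?<name>[\w:.-]+)\s*=\s*(?<value>""[^""]*""|'[^']*'|[^\s>]+)", DangerOpts);

private static readonly Regex EventHandlerName = new Regex("^on[a-z]+$", DangerOpts);

// Control characters and spaces, which browsers ignore inside a URL scheme ("java\tscript:").
private static readonly Regex SchemeNoise = new Regex(@"[\x00-\x20\x7F]+", RegexOptions.Compiled);

private static readonly Regex ScriptScheme = new Regex("^(?:javascript|vbscript):", DangerOpts);

// Three patterns per element: the paired form with its body, then any stray opening tag
// (this also covers the self-closing "<x/>" form) and any stray closing tag, so an element
// left unclosed by the attacker no longer survives.
private static Regex[] BuildDangerTagPatterns()
{
    var patterns = new Regex[DangerTagNames.Length * 3];
    int next = 0;
    foreach (string tag in DangerTagNames)
    {
        string opener = "<" + tag + @"\b[^>]*>";
        string closer = "</" + tag + @"\s*>";
        patterns[next++] = new Regex(opener + ".*?" + closer, DangerOpts);
        patterns[next++] = new Regex(opener, DangerOpts);
        patterns[next++] = new Regex(closer, DangerOpts);
    }
    return patterns;
}

/// <summary>
/// Strips a deny-list of dangerous HTML from <paramref name="input"/>: the elements in
/// <see cref="DangerTagNames"/> (with their bodies), on* event-handler attributes, and any
/// attribute whose value is a javascript:/vbscript: URL. Intended for rich-text editor output
/// where some markup has to survive.
/// </summary>
/// <remarks>
/// Deny-list filtering is inherently incomplete (unknown elements, CSS expression(), data: URLs,
/// markup the browser repairs differently from these regexes). Treat it as defence in depth,
/// never as the only control; encode on output wherever formatting is not required.
/// </remarks>
/// <param name="input">Untrusted HTML fragment. Null or empty yields an empty string (the original threw on null).</param>
/// <returns>The fragment with the listed constructs removed.</returns>
public static string RemoveDangerHtml(this string input)
{
    if (string.IsNullOrEmpty(input))
    {
        return string.Empty;
    }

    string current = input;
    string previous;
    // Repeat until stable: one pass can splice a new tag together out of the text around a
    // removal ("<scr<script></script>ipt>" came out of the original as "<script>"). Every step
    // only deletes, so the string strictly shrinks and the loop must terminate.
    do
    {
        previous = current;
        foreach (Regex pattern in DangerTagPatterns)
        {
            current = pattern.Replace(current, string.Empty);
        }
        current = AnyTag.Replace(current, m => ScrubAttributes(m.Value));
    }
    while (current != previous);

    return current;
}

// Removes on* handlers and script-scheme URL attributes from a single tag.
private static string ScrubAttributes(string tag)
{
    return TagAttribute.Replace(tag, m =>
    {
        if (EventHandlerName.IsMatch(m.Groups["name"].Value))
        {
            return string.Empty;
        }

        string value = m.Groups["value"].Value;
        if (value.Length >= 2 && (value[0] == '"' || value[0] == '\'') && value[value.Length - 1] == value[0])
        {
            value = value.Substring(1, value.Length - 2);
        }
        // Decode entities and drop control characters before testing the scheme so that
        // "&#106;avascript:" and "java\tscript:" are caught as well as the plain spelling.
        value = SchemeNoise.Replace(HttpUtility.HtmlDecode(value), string.Empty);
        return ScriptScheme.IsMatch(value) ? string.Empty : m.Value;
    });
}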

方法三去掉 &lt;script&gt;/&lt;style&gt; 及其内容、注释和所有其他标签，把 HTML 压成纯文本（用于摘要、列表展示等不需要格式的场合）。得到的纯文本仍是用户数据，输出到页面前仍需编码。

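/// <summary>
/// Reduces an HTML fragment to plain text: drops script/style elements with their bodies,
/// HTML comments and every remaining tag, then collapses line breaks and maps a few common
/// entities.
/// </summary>
/// <remarks>
/// The output contains no '&lt;' or '&gt;' but is still untrusted data: encode it (e.g. with
/// ToSafeHtmlString) before writing it back into a page.
/// Numeric entities other than the handful mapped below are deleted rather than decoded
/// (lossy for non-Latin text such as "&amp;#20013;") and hex entities ("&amp;#x27;") are left
/// untouched — behaviour kept from the original; use HttpUtility.HtmlDecode if fidelity matters.
/// </remarks>
/// <param name="htmlString">Untrusted HTML. Null or empty yields an empty string (the original threw on null).</param>
/// <returns>The text content of the fragment.</returns>
public static string RemoveHtmlScript(this string htmlString)
{
    if (string.IsNullOrEmpty(htmlString))
    {
        return string.Empty;
    }

    // Singleline so ".*?" spans line breaks; lazy so that two <script> or <style> blocks no
    // longer lose the legitimate text between them (the original greedy ".*" / "[\s\S]*" cut
    // from the first opener to the LAST closer, and the script pattern could not match an
    // element whose body contained several lines at all).
    const RegexOptions spanning = RegexOptions.IgnoreCase | RegexOptions.Singleline;
    htmlString = Regex.Replace(htmlString, @"<script[^>]*?>.*?</script\s*>", "", spanning);
    htmlString = Regex.Replace(htmlString, @"<style[^>]*?>.*?</style\s*>", "", spanning);
    // Well-formed comments, including multi-line ones; the two fallbacks further down keep
    // the original handling of an unterminated "<!--".
    htmlString = Regex.Replace(htmlString, "<!--.*?-->", "", spanning);
    // Every other tag.
    htmlString = Regex.Replace(htmlString, "<(.[^>]*)>", "", RegexOptions.IgnoreCase);
    // A line break together with the indentation that follows it.
    htmlString = Regex.Replace(htmlString, @"([\r\n])[\s]+", "", RegexOptions.IgnoreCase);
    htmlString = Regex.Replace(htmlString, "-->", "", RegexOptions.IgnoreCase);
    htmlString = Regex.Replace(htmlString, "<!--.*", "", RegexOptions.IgnoreCase);
    htmlString = Regex.Replace(htmlString, "&(nbsp|#160);", "   ", RegexOptions.IgnoreCase);
    htmlString = Regex.Replace(htmlString, "&(iexcl|#161);", "\x00a1", RegexOptions.IgnoreCase);
    htmlString = Regex.Replace(htmlString, "&(cent|#162);", "\x00a2", RegexOptions.IgnoreCase);
    htmlString = Regex.Replace(htmlString, "&(pound|#163);", "\x00a3", RegexOptions.IgnoreCase);
    htmlString = Regex.Replace(htmlString, "&(copy|#169);", "\x00a9", RegexOptions.IgnoreCase);
    htmlString = Regex.Replace(htmlString, @"&#(\d+);", "", RegexOptions.IgnoreCase);
    // The original called string.Replace and discarded the result (strings are immutable),
    // so stray '<', '>' and CRLFs were never actually removed. Assign the results.
    htmlString = htmlString.Replace("<", "");
    htmlString = htmlString.Replace(">", "");
    htmlString = htmlString.Replace("\r\n", "");
    return htmlString;
}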

方法四对文本做 HTML 编码（<、>、&、"、' 等），再把换行和连续三个空格转成 &lt;br/&gt; 和 &amp;nbsp;，用于把用户输入安全地输出到 HTML 元素内容中；它不适用于 HTML 属性值、JavaScript、URL、CSS 等其他上下文。
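/// <summary>
/// HTML-encodes <paramref name="input"/> for display inside HTML element content, then turns
/// line breaks into "&lt;br/&gt;" and runs of three spaces into "&amp;nbsp;" so the text keeps
/// its layout. Because encoding happens first, that "&lt;br/&gt;" is the only markup in the result.
/// </summary>
/// <remarks>
/// Element-content encoding only: the result is not safe inside an unquoted attribute value,
/// a script block, a URL or a CSS context — those need their own encoders.
/// </remarks>
/// <param name="input">Untrusted text. Null or empty yields an empty string.</param>
/// <returns>The encoded text.</returns>
public static string ToSafeHtmlString(this string input)
{
    if (string.IsNullOrEmpty(input))
    {
        return string.Empty;
    }

    // HttpUtility instead of HttpContext.Current.Server: same encoder, but it does not throw
    // NullReferenceException when there is no ambient request (background work, unit tests).
    var html = new StringBuilder(HttpUtility.HtmlEncode(input));
    html.Replace("\r\n", "<br/>");
    html.Replace("   ", "&nbsp;");
    html.Replace("\n", "<br/>");
    // HtmlEncode already emits &#39; for apostrophes on .NET 4+; this is kept as a safety
    // net for older encoders that leave the apostrophe alone.
    html.Replace("'", "&#39;");
    return html.ToString();
}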
 
以上方法都是 string 的扩展方法，调用很简单：textBox.Text.方法名() 即可执行相应的操作。
 
 
