过滤js参数中的非法字符

为了应对XSS漏洞的攻击我们有必要对暴露在外面的参数进行合法性检查,可以使用如下js函数:

// 字符串去掉非法字符
removeInvalidChar : function(str)
{
  var codeArray = new Array(" ","<",">","'","\"",";","(",")","{","}","[","]",":","\\","/","$");
   //循环替换非法字符
  for (i = 0; i < codeArray.length; i++) {
    while (str.indexOf(codeArray[i]) != -1) {
         str = str.replace(codeArray[i], '');
    }
  }
  return str;
}

  

posted @ 2012-05-07 18:52  姜枫  阅读(456)  评论(0编辑  收藏  举报