.NET ------ 查询和识别js 脚本
将js脚本编码,躲避 .NET 的检查,然后再解码
解决
对编码的字符串解码
借助控件
<asp:GridView ID="GridViewData" runat="server" OnRowDataBound="GridViewData_RowDataBound"> </asp:GridView>
实现
protected void GridViewData_RowDataBound(object sender, GridViewRowEventArgs e) { //格式问题 GridViewRow gvr = e.Row; for(int i=0;i<=gvr.Cells .Count -1;i++) { gvr.Cells[i].Attributes.Add("style", "vnd.ms-excel.numberformat:@"); } //对编码字符串解码 if (e.Row.RowType == DataControlRowType.DataRow) { TableCellCollection cells = e.Row.Cells; foreach (TableCell cell in cells) { cell.Text = Server.HtmlDecode(cell.Text); } } }
加上后
编码控件
<%@ Control Language="C#" AutoEventWireup="true" CodeFile="WebHtmlTextBox.ascx.cs" Inherits="CommonDrops_WebHtmlTextBox" %> <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox> <asp:Literal ID="Literal1" runat="server"></asp:Literal><asp:HiddenField ID="HiddenField1" runat="server" />
cs 文件
using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; public partial class CommonDrops_WebHtmlTextBox : System.Web.UI.UserControl { protected void Page_Load(object sender, EventArgs e) { if (!IsPostBack) { this.Literal1.Text = ConvertHtmlBianMaByScript(this.TextBox1, this.HiddenField1); } } public void SetTextBox(Button button) { this.TextBox1.TextMode = TextBoxMode.MultiLine; button.OnClientClick = "return converthtml" + TextBox1.ID + "()"; } public void SetTextBox(Button button,int iRow,bool isPixel,int iWidth) { this.TextBox1.TextMode = TextBoxMode.MultiLine; button.OnClientClick = "return converthtml" + TextBox1.ID + "()"; if (isPixel) { this.TextBox1.Width = Unit.Pixel(iWidth); } else { this.TextBox1.Width = Unit.Percentage(iWidth); } this.TextBox1.Rows = iRow; } public TextBox _TextBox { get { return this.TextBox1; } set { this.TextBox1 = value; this.Literal1.Text = ConvertHtmlBianMaByScript(this.TextBox1, this.HiddenField1); } } public string _Value { get { string s = ConvertHtmlJieMaByCs(this.HiddenField1.Value); this.TextBox1.Text = s; return s; } } public string ConvertHtmlBianMaByScript(TextBox tb, HiddenField hid) { string script = string.Empty; script += "<script type=\"text/javascript\">"; script += "function converthtml" + tb.ID + "()"; script += "{"; script += "var txt=document .getElementById (\"" + tb.ClientID + "\").value;"; script += "txt=txt.replace(/</g,\"01^01\");"; script += "txt=txt.replace(/>/g,\"02^02\");"; script += "txt=txt.replace(/\"/g,\"03^03\");"; script += "txt=txt.replace(/=/g,\"04^04\");"; script += "txt=txt.replace(/ /g,\"11^11\");"; script += "txt=txt.replace(/function/g,\"12^12\");"; script += "txt=txt.replace(/;/g,\"13^13\");"; script += "txt=txt.replace(/http/g,\"14^14\");"; script += "txt=txt.replace(/{/g,\"15^15\");"; script += "txt=txt.replace(/}/g,\"16^16\");"; script += "txt=txt.replace(/:/g,\"17^17\");"; script += "txt=txt.replace(/;/g,\"18^18\");"; script += "txt=txt.replace(/script/g,\"19^19\");"; //script += "alert(txt);"; script += "document .getElementById (\"" + hid.ClientID + "\").value=txt;"; script += "document .getElementById (\"" + tb.ClientID + "\").value=\"\";"; script += "return true;"; script += "}"; script += "</script> "; return script; } public string ConvertHtmlJieMaByCs(object obj) { if (obj == null) return string.Empty; string script = obj.ToString(); if (script == string.Empty) return string.Empty; script = script.Replace("01^01", "<"); script = script.Replace("02^02", ">"); script = script.Replace("03^03", "\""); script = script.Replace("04^04", "="); script = script.Replace("11^11", " "); script = script.Replace("12^12", "function"); script = script.Replace("13^13", ";"); script = script.Replace("14^14", "http"); script = script.Replace("15^15", "{"); script = script.Replace("16^16", "}"); script = script.Replace("17^17", ":"); script = script.Replace("18^18", ";"); script = script.Replace("19^19", "script"); return script; } }
