Asp.Net 排出过滤特殊字符串
safe_360.cs
using System; using System.Collections.Generic; using System.Text.RegularExpressions; using System.Web; /// <summary> /// safe_360 的摘要说明 /// </summary> public class safe_360 { private const string StrRegex = @"<[^>]+?style=[\w]+?:expression\(|\b(alert|confirm|prompt)\b|^\+/v(8|9)|<[^>]*?=[^>]*?&#[^>]*?>|\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|<\s*img\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)"; public static bool PostData() { bool result = false; for (int i = 0; i < HttpContext.Current.Request.Form.Count; i++) { result = CheckData(HttpContext.Current.Request.Form[i].ToString()); if (result) { break; } } return result; } public static bool GetData() { bool result = false; try { for (int i = 0; i < HttpContext.Current.Request.QueryString.Count; i++) { string curQ = HttpContext.Current.Request.QueryString[i].ToString(); result = CheckData(curQ); if (result) break; } } catch (HttpRequestValidationException hrve) { result = true; } return result; } public static bool CookieData() { bool result = false; for (int i = 0; i < HttpContext.Current.Request.Cookies.Count; i++) { result = CheckData(HttpContext.Current.Request.Cookies[i].Value.ToLower()); if (result) { break; } } return result; } public static bool referer() { bool result = false; return result = CheckData(HttpContext.Current.Request.UrlReferrer.ToString()); } public static bool CheckData(string inputData) { bool result = false; //为true 表示有恶意代码 if (Regex.IsMatch(inputData, StrRegex)) { result= true; } else { if (inputData.IndexOf("'==") > -1) { result = true; } else { result = (inputData.Contains("|") || inputData.Contains("&") || inputData.Contains(";") || inputData.Contains("$") || inputData.Contains("$") || inputData.Contains("'") || inputData.Contains("\"") || inputData.Contains("\\'") || inputData.Contains("\\\"") || inputData.Contains("<") || inputData.Contains(">") || inputData.Contains("(") || inputData.Contains(")") || inputData.Contains("+") || inputData.Contains("\r") || inputData.Contains("\n") || inputData.Contains(",") || inputData.Contains("\\")); } } return result; } }
Global.asax
protected void Application_BeginRequest(object sender, EventArgs e) { if (Request.Cookies != null) { if (safe_360.CookieData()) { Response.ContentType = "text/ plain;charset=utf-8"; Response.Write("您提交的Cookie数据有恶意字符!"); Response.End(); } } if (Request.UrlReferrer != null) { if (safe_360.referer()) { Response.ContentType = "text/ plain;charset=utf-8"; Response.Write("您提交的Referrer数据有恶意字符!"); Response.End(); } } if (Request.RequestType.ToUpper() == "POST") { if (safe_360.PostData()) { Response.ContentType = "text/ plain;charset=utf-8"; Response.Write("您提交的Post数据有恶意字符!"); Response.End(); } } if (Request.RequestType.ToUpper() == "GET") { if (safe_360.GetData()) { Response.ContentType= "text/ plain;charset=utf-8"; Response.Write("您提交的Get数据有恶意字符!"); Response.End(); } } }
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 分享一个免费、快速、无限量使用的满血 DeepSeek R1 模型,支持深度思考和联网搜索!
· 基于 Docker 搭建 FRP 内网穿透开源项目(很简单哒)
· ollama系列01:轻松3步本地部署deepseek,普通电脑可用
· 25岁的心里话
· 按钮权限的设计及实现
2016-12-07 寻找 IBatisNet 批量插入(批量复制) 的心路历程