asp通用安全字符串输入替换server.htmlencode

2008-4-8 寒川 网页编程

<%
' ============================================
' 通用安全字符串输入,彻底替换server.htmlencode
' ============================================
Function HTMLEncode(Str)
If Isnull(Str) Then
     HTMLEncode = ""
    Exit Function
End If
Str = Replace(Str,Chr(0),"", 1, -1, 1)
Str = Replace(Str, """", "&quot;", 1, -1, 1)
Str = Replace(Str,"<","&lt;", 1, -1, 1)
Str = Replace(Str,">","&gt;", 1, -1, 1)
Str = Replace(Str, "script", "&#115;cript", 1, -1, 0)
Str = Replace(Str, "SCRIPT", "&#083;CRIPT", 1, -1, 0)
Str = Replace(Str, "Script", "&#083;cript", 1, -1, 0)
Str = Replace(Str, "script", "&#083;cript", 1, -1, 1)
Str = Replace(Str, "object", "&#111;bject", 1, -1, 0)
Str = Replace(Str, "OBJECT", "&#079;BJECT", 1, -1, 0)
Str = Replace(Str, "Object", "&#079;bject", 1, -1, 0)
Str = Replace(Str, "object", "&#079;bject", 1, -1, 1)
Str = Replace(Str, "applet", "&#097;pplet", 1, -1, 0)
Str = Replace(Str, "APPLET", "&#065;PPLET", 1, -1, 0)
Str = Replace(Str, "Applet", "&#065;pplet", 1, -1, 0)
Str = Replace(Str, "applet", "&#065;pplet", 1, -1, 1)
Str = Replace(Str, "[", "&#091;")
Str = Replace(Str, "]", "&#093;")
Str = Replace(Str, """", "", 1, -1, 1)
Str = Replace(Str, "=", "&#061;", 1, -1, 1)
Str = Replace(Str, "'", "''", 1, -1, 1)
Str = Replace(Str, "select", "sel&#101;ct", 1, -1, 1)
Str = Replace(Str, "execute", "&#101xecute", 1, -1, 1)
Str = Replace(Str, "exec", "&#101xec", 1, -1, 1)
Str = Replace(Str, "join", "jo&#105;n", 1, -1, 1)
Str = Replace(Str, "union", "un&#105;on", 1, -1, 1)
Str = Replace(Str, "where", "wh&#101;re", 1, -1, 1)
Str = Replace(Str, "insert", "ins&#101;rt", 1, -1, 1)
Str = Replace(Str, "delete", "del&#101;te", 1, -1, 1)
Str = Replace(Str, "update", "up&#100;ate", 1, -1, 1)
Str = Replace(Str, "like", "lik&#101;", 1, -1, 1)
Str = Replace(Str, "drop", "dro&#112;", 1, -1, 1)
Str = Replace(Str, "create", "cr&#101;ate", 1, -1, 1)
Str = Replace(Str, "rename", "ren&#097;me", 1, -1, 1)
Str = Replace(Str, "count", "co&#117;nt", 1, -1, 1)
Str = Replace(Str, "chr", "c&#104;r", 1, -1, 1)
Str = Replace(Str, "mid", "m&#105;d", 1, -1, 1)
Str = Replace(Str, "truncate", "trunc&#097;te", 1, -1, 1)
Str = Replace(Str, "nchar", "nch&#097;r", 1, -1, 1)
Str = Replace(Str, "char", "ch&#097;r", 1, -1, 1)
Str = Replace(Str, "alter", "alt&#101;r", 1, -1, 1)
Str = Replace(Str, "cast", "ca&#115;t", 1, -1, 1)
Str = Replace(Str, "exists", "e&#120;ists", 1, -1, 1)
Str = Replace(Str,Chr(13),"<br>", 1, -1, 1)
HTMLEncode = Replace(Str,"'","''", 1, -1, 1)
End Function
%>

把上面代码保存为新的文件,包括到需要转换的页面,调用方式:HTMLEncode("字符串")

标签: html 编程 asp

发表评论:

Powered by emlog 蜀ICP备12030225号

川公网安备 51042102000001号

sitemap