C# XSS Attack Prevention Example
2021-03-03 18:29
Original article: https://www.cnblogs.com/for-easy-fast/p/12968860.html

Below is the regular expression I currently chose; you can modify it as needed.

Create a new console application and write code to test the filtering effect.
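using System;
using System.Text.RegularExpressions;

class Program
{
    static void Main(string[] args)
    {
        //GetStrRegex();
        Console.WriteLine("请输入字符串:"); // prompt: "Enter a string:"
        string str = Console.ReadLine();
        // Try up to 100 different patterns against the same input string.
        for (int i = 0; i < 100; i++)
        {
            Test(str);
        }
    }

    // Reads a pattern from the console and prints str with every match removed.
    static void Test(string str)
    {
        Console.WriteLine("请输入正则表达式:"); // prompt: "Enter a regular expression:"
        string StrRegex = Console.ReadLine();
        str = Regex.Replace(str, StrRegex, "", RegexOptions.IgnoreCase);
        Console.WriteLine($"处理后的字符串为:{str}"); // "The processed string is: ..."
    }
}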
Enter a test string and a regular expression, then observe the result.
String:
111
222
drop delete
b: ]+?style=[\w]+?:expression\(|\b(alert|confirm|prompt)\b|^\+/v(8|9)|]*?=[^>]*?[^>]*?>|\b(and|or)\b.{1,6}?(=|>|
After repeated testing, choose the regular expression you consider suitable.
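// Builds the blacklist pattern; a member of Program.
// Needs System.Collections.Generic and System.Text.RegularExpressions.
static string GetStrRegex()
{
    List<string> strList = new List<string>();
    List<string> htmlList = new List<string>() { "","","","","","","","","javascript","onload","onerror","eval","alert","prompt"};
    List<string> sqlList = new List<string>() { "select","update","delete","drop","trunc","exec","table","database","or","and"};
    List<string> chList = new List<string>() { "//","--", "@", "&" ,"||"};
    strList.AddRange(htmlList);
    strList.AddRange(sqlList);
    strList.AddRange(chList);
    // Drop empty entries and escape each token, so that "||" is matched literally
    // instead of adding empty alternatives that match at every position.
    strList.RemoveAll(s => s.Length == 0);
    string strRegex = string.Join("|", strList.ConvertAll(s => Regex.Escape(s)));
    Console.WriteLine($"你的正则表达式是{strRegex}"); // "Your regular expression is ..."
    return strRegex;
}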
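
The keyword list built by GetStrRegex also matches inside ordinary words, so a check worth running before adopting it is how it treats benign text. The following is an added example, not code from the original article: it applies the tokens visible in GetStrRegex to constructed sample inputs and prints the result next to the same input passed through WebUtility.HtmlEncode, which keeps the text and makes markup characters inert. The class name, helper names and sample strings are assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text.RegularExpressions;

class EncodeVersusStrip
{
    // Keyword tokens copied from the page's GetStrRegex lists (empty entries omitted).
    static readonly List<string> Tokens = new List<string>
    {
        "javascript", "onload", "onerror", "eval", "alert", "prompt",
        "select", "update", "delete", "drop", "trunc", "exec", "table",
        "database", "or", "and", "//", "--", "@", "&", "||"
    };

    // Blacklist approach: delete every token occurrence, case-insensitively.
    static string Strip(string input)
    {
        string pattern = string.Join("|", Tokens.ConvertAll(t => Regex.Escape(t)));
        return Regex.Replace(input, pattern, "", RegexOptions.IgnoreCase);
    }

    // Output-encoding approach: keep the text, make markup characters inert.
    static string Encode(string input)
    {
        return WebUtility.HtmlEncode(input);
    }

    static void Main()
    {
        // Constructed sample inputs: ordinary user text, no attack content.
        string[] samples =
        {
            "Sandra's order: <b>table for two</b> & drinks",
            "Contact: support@example.com // Portland office",
            "Please update the dropdown and select a color"
        };

        foreach (string s in samples)
        {
            Console.WriteLine($"input   : {s}");
            Console.WriteLine($"stripped: {Strip(s)}");
            Console.WriteLine($"encoded : {Encode(s)}");
            Console.WriteLine();
        }
    }
}
```

Encoding is applied when the value is written into HTML. The SQL keywords in the list are better handled by parameterized queries than by removing words from the input.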