Dangerous Character Filtering Class (Latest Perfect Edition) (1)

xiaoxiao2021-03-06  67

A couple of days ago I came across a dangerous-character filtering class on a blog (I do not remember the URL; if you are the original author, please let me know and I will add a link). I have now more or less perfected it: / * original author please contact me :( Contact) * Improved: Johnsuna (Ashan NET MSN: A3NEWS (AT) Hotmail.com) http://www.vcsharp.com*/using system; use system.io; useing system.text; using system.text.regularexpressions Using system.runtime.remoting; using system.runtime.remoting.proxies; using system.Runtime.Remoting.MESSAGING; Using System.Reflection;

Namespace FilterRealProxy {///

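/// <summary>
/// Real proxy that executes the intercepted call on the wrapped object and, when the
/// call returned a string, passes that string through the filter declared by a
/// <see cref="StringFilter"/> attribute on the invoked method.
/// </summary>
/// <remarks>
/// Only the method's direct return value is inspected. Strings carried in out/ref
/// arguments, or nested inside returned objects and collections, pass through unfiltered,
/// so callers must not treat this proxy as the only output-sanitisation layer.
/// </remarks>
public class FilterRealProxy : RealProxy
{
    private MarshalByRefObject target;

    /// <summary>Creates a proxy for <paramref name="target"/>, typed as the target's runtime type.</summary>
    /// <param name="target">Object whose method results are to be filtered.</param>
    public FilterRealProxy(MarshalByRefObject target) : base(target.GetType())
    {
        this.target = target;
    }

    /// <summary>
    /// Runs the call on the wrapped object and filters a string return value.
    /// </summary>
    /// <param name="msg">The intercepted message; must be a method call.</param>
    /// <returns>
    /// The original return message, or a new one carrying the filtered string together with
    /// the original out arguments and call context.
    /// </returns>
    /// <exception cref="ArgumentException"><paramref name="msg"/> is not a method-call message.</exception>
    public override IMessage Invoke(IMessage msg)
    {
        IMethodCallMessage callMsg = msg as IMethodCallMessage;
        if (callMsg == null)
        {
            // The 'as' cast yields null for any other message kind; fail with a clear error here.
            throw new ArgumentException("Only method-call messages can be proxied.", "msg");
        }

        IMethodReturnMessage returnMsg = RemotingServices.ExecuteMessage(target, callMsg);

        // Non-string results (and failed calls, whose return value is null) are passed back untouched.
        if (returnMsg.Exception != null || !this.IsMatchType(returnMsg.ReturnValue))
        {
            return returnMsg;
        }

        string returnValue = this.Filter(returnMsg.ReturnValue.ToString(), returnMsg.MethodName);

        // Carry the out arguments and call context over; building the reply with null/0
        // would silently drop out/ref results of the filtered method.
        return new ReturnMessage(
            returnValue,
            returnMsg.OutArgs,
            returnMsg.OutArgCount,
            returnMsg.LogicalCallContext,
            callMsg);
    }

    /// <summary>
    /// Applies the filter named by the first <see cref="StringFilter"/> attribute found on
    /// the target's method <paramref name="MethodName"/>.
    /// </summary>
    /// <param name="ReturnValue">String returned by the target method.</param>
    /// <param name="MethodName">Name of the invoked method, looked up on the target's type.</param>
    /// <returns>The filtered string, or <paramref name="ReturnValue"/> unchanged when the method carries no attribute.</returns>
    /// <exception cref="InvalidOperationException">No public method with that name exists on the target.</exception>
    /// <exception cref="AmbiguousMatchException">The name is overloaded; the lookup is by name only.</exception>
    protected string Filter(string ReturnValue, string MethodName)
    {
        // Lookup by name only: an overloaded name throws AmbiguousMatchException, which is
        // deliberately not caught so that the value is never returned unfiltered by accident.
        MethodInfo methodInfo = target.GetType().GetMethod(MethodName);
        if (methodInfo == null)
        {
            throw new InvalidOperationException(
                "Method '" + MethodName + "' was not found on " + target.GetType().FullName + ".");
        }

        object[] attributes = methodInfo.GetCustomAttributes(typeof(StringFilter), true);
        if (attributes.Length > 0)
        {
            return FilterHandler.Process(((StringFilter)attributes[0]).FilterType, ReturnValue);
        }
        return ReturnValue;
    }

    /// <summary>Reports whether <paramref name="obj"/> is a string, the only type that is filtered.</summary>
    /// <param name="obj">Return value of the intercepted call; may be null.</param>
    /// <returns><c>true</c> for a non-null string, otherwise <c>false</c>.</returns>
    protected bool IsMatchType(object obj)
    {
        return obj is string;
    }
}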

///

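/// <summary>
/// Custom attribute that declares which <see cref="FilterType"/> should be applied to the
/// string returned by the member it decorates.
/// </summary>
/// <remarks>
/// The attribute carries exactly one <see cref="FilterType"/> value; it does not itself
/// perform any filtering.
/// </remarks>
public class StringFilter : Attribute
{
    // Filter selected at declaration time; set once by the constructor.
    protected FilterType _filterType;

    /// <summary>Creates the attribute for the given filter.</summary>
    /// <param name="filterType">Filter to apply to the decorated member's string result.</param>
    public StringFilter(FilterType filterType)
    {
        this._filterType = filterType;
    }

    /// <summary>Gets the filter that was passed to the constructor.</summary>
    public FilterType FilterType
    {
        get { return _filterType; }
    }
}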

///

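/// <summary>
/// Selects which filter <c>FilterHandler.Process</c> applies to a string, for example
/// script filtering or HTML filtering.
/// </summary>
/// <remarks>
/// The values are sequential identifiers, not bit flags, and <c>Process</c> switches on a
/// single exact value. Combining members with <c>|</c> does not apply several filters:
/// <c>Script | Html</c> equals 3, which is <see cref="Object"/>, so the script and HTML
/// filters would both be skipped. For that reason the enum is not marked
/// <c>[Flags]</c>; use <see cref="All"/> when every filter is wanted.
/// </remarks>
public enum FilterType
{
    Script = 1,
    Html = 2,
    Object = 3,
    AHrefScript = 4,
    Iframe = 5,
    Frameset = 6,
    Src = 7,
    BadWords = 8,
    // Include = 9,
    All = 16
}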

///

// FilterHandler: non-instantiable dispatcher (private constructor, static methods).
// Process() switches on the FilterType value and hands the text to the matching Filter*
// method; a value with no case returns the text unchanged.
// FilterScript() removes regex matches for HTML comments and <script> blocks
// (RegexOptions.IgnoreCase), then passes the result to StripScriptAttributesFromTags().
// StripScriptAttributesFromTags() matches tags and uses a MatchEvaluator: when the
// "attribute" group (an on* event attribute, or an href whose value starts with
// "javascript") was captured, that attribute text is cut out of the matched tag;
// otherwise the tag is returned as it was.
// NOTE(review): the regex literals and several identifiers below are visibly damaged by
// text extraction (spaces inserted inside the patterns, "/ n / r" where "\n\r" was
// presumably meant, changed casing, unbalanced parentheses). Restore them from the
// author's original before compiling; do not reuse the patterns as shown.
// NOTE(review): this is deny-list filtering of markup. Treat it as a supplementary layer
// and keep context-aware output encoding as the primary XSS control. No Regex match
// timeout is set in the visible calls; consider one when the filtered text is untrusted.
/// filter processing class: According to the filter type, call the corresponding filtering process method. /// public class FilterHandler {private FilterHandler () {} public static string Process (FilterType filterType, string filterContent) {switch (filterType) {case FilterType.Script: filterContent = FilterScript (filterContent); break; case FilterType .Html: filterContent = FilterHtml (filterContent); break; case FilterType.Object: filterContent = FilterObject (filterContent); break; case FilterType.AHrefScript: filterContent = FilterAHrefScript (filterContent); break; case FilterType.Iframe: filterContent = FilterIframe (filterContent ); break; case FilterType.Frameset: filterContent = FilterFrameset (filterContent); break; case FilterType.Src: filterContent = FilterSrc (filterContent); break; // case FilterType.Include: // filterContent = FilterInclude (filterContent); // Break; Case FilTertype.badwords: FilterContent = filterbadwords (filterContent); Break; Case Filtertype.all: FilterContent = FilterAll (filterContent); break; default: // do nothing break;} return filterContent;} public static string FilterScript (string content) {string commentPattern = @ "( 'comment' <- * - [?!.? / N / R] *>) "; String Embeddedscriptcomments = @" (///**/*/// |. *? [/ n / r]) "; string scriptpattern = String.Format (@" ( ? 'script' <[/ n / r] * script [^>] *> (. *? {0}?) * <[/ n / r] * / script [^>] *>) ", Embeddedscriptcomments) ; // contains comments and script statements string pattern = string.format (@ "({0} | {1})", CommentPattern, Scriptpattern;

return StripScriptAttributesFromTags (Regex.Replace (content, pattern, string.Empty, RegexOptions.IgnoreCase));} private static string StripScriptAttributesFromTags (string content) {string eventAttribs = @ "on (blur | c (hange | lick) | dblclick | focus | KeyPress | (KEY | MOUSE) (DOWN | UP) | (UN)? LOAD | MOUSE (MOVE | O (Ut | Ver)) | RESET | S (ELECT | UBMIT)) "; string pattern = string.format @ "(? INX) / <(/ w ) / s (? 'attribute' (? 'attributename' {0}) / s * = / s * (? 'delim' ['"]?) (? 'AttributeValue' [^ '"">] ) (/ 3)) | (?' attribute '(?' attributename'HREF) / S * = / s * (? 'delim' ['"]?) ( ? 'attributevalue'javascript [^' "">] ) (/ 3)) | [^>]) * /> ", Eventattribs); regex re = new regex (pattern); // Use Matchevaluator to delegate RETURN Re .Replace (Content, New Matchevaluator (Stripattribute) Shandler);

Private Static String StripattributeShandler (M.Groups ["Attribute"]. Success) {Return M.Value.Replace (M.Groups ["Attribute"]. Value, "");} else {Return M .Value;}}

// FilterAHrefScript: runs FilterScript() on the text first, then removes every
// case-insensitive match of an "href ... = ... script ... :" pattern from the result.
// NOTE(review): the pattern literal and the Regex.Replace call below are damaged by text
// extraction (inserted spaces, "/ s / S" where "\s\S" was presumably meant, a missing
// comma and closing parenthesis); restore them from the author's original before use.
// NOTE(review): deny-list matching on href values is a supplementary layer only; an
// allow-list of URL schemes is the more dependable check for link targets.
public static string FilterAHrefScript (string content) {string newstr = FilterScript (content); string regexstr = @ "href [^ =] * = * [/ s / S] * script *:"; return Regex.Replace (newstr, regexstr String.empty, regexoptions.ignorecase;}

// FilterSrc: runs FilterScript() first, then replaces case-insensitive matches of a src
// attribute whose value ends in .js/.vbs/.asp/.aspx/.php/.jsp.
// FilterInclude: commented out by the author; kept for reference only.
// FilterHtml: runs FilterScript() first, then removes every "<...>" tag match, so the
// result is the text with all markup stripped.
// FilterObject: removes matches of its pattern with RegexOptions.IgnoreCase.
// NOTE(review): the literals below are damaged by text extraction. FilterSrc has lost its
// parameter list, and the FilterObject pattern and call have lost the tag names and the
// Regex.Replace(content, ...) prefix, presumably because markup was stripped from the
// page. Restore them from the author's original before compiling.
// NOTE(review): these are deny-list filters; keep context-aware output encoding as the
// primary control and treat a filtered string as still untrusted.
Public Static String Filtersrc (String NewStr = Filterscript); String RegexStr = @ "src * = * ['" "]? [^ /.] /. (JS | VBS | ASP | ASPX | PHP | jsp) [ ' ""] "; return Regex.Replace (newstr, regexstr, @" ", RegexOptions.IgnoreCase);} / * public static string FilterInclude (string content) {string newstr = FilterScript (content); string regexstr @ "<[/ s / s] * include * (file | virtual) * = * [/ s / s] * /. (JS | VBS | ASP | ASPX | PHP | JSP) [^>] *>" ; return Regex.Replace (newstr, regexstr, string.Empty, RegexOptions.IgnoreCase);} * / public static string FilterHtml (string content) {string newstr = FilterScript (content); string regexstr = @ "<[^>] * > "; return Regex.Replace (newstr, regexstr, string.Empty, RegexOptions.IgnoreCase);} public static string FilterObject (string content) {string regexstr = @" (? i) ]) *> (/ W | / W) * ]) *> "; return, regexstr, string.empty, regexoptions.ignorecase;}

Public Static String Filteriframe (String Content) {String RegexStr = @ "(? i)