溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
第1步驟.新建過濾關鍵字實現類:Proce***equest
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using SaaS.Admin.Base;
namespace SaaS.Admin.Controllers
{
public class Proce***equest
{
public void ProcessCheckkeyWord()
{
#region 過濾URL提交過來的參數【檢查是否存在關鍵字】
string[] keywors = { "javascript", "vbscript", "jscript", "script", "eval", "<", ">", "\'", "\"", "&", "#" };
string returnUrl="/";//url地址
try
{
string httpmethodType = System.Web.HttpContext.Current.Request.HttpMethod;
if (httpmethodType != "")
{
string haskeyword = "";
if (httpmethodType.ToLower() == "get")
{
System.Collections.Specialized.NameValueCollection geturlparm = System.Web.HttpContext.Current.Request.QueryString;
if (System.Web.HttpContext.Current.Request.UrlReferrer != null) //
{
returnUrl = System.Web.HttpContext.Current.Request.UrlReferrer.PathAndQuery.ToString();
}
int counts = geturlparm.AllKeys.Count();
string[] urlparms = geturlparm.AllKeys;
if (counts > 0 && urlparms.Length > 0)
{
for (int i = 0; i < urlparms.Length; i++)
{
string parmvalue = System.Web.HttpContext.Current.Request.QueryString[i];//對應參數值
for (int j = 0; j < keywors.Length; j++)
{
if (parmvalue != "" || !string.IsNullOrEmpty(parmvalue))
{
if (parmvalue.IndexOf(keywors[j].ToLower()) != -1)
{
haskeyword = haskeyword + keywors[j] + ",";
}
}
}
}
}
if (haskeyword != "")
{
string newkeyws = "";
if (haskeyword.EndsWith(","))
{
haskeyword = haskeyword.Substring(0, haskeyword.Length - 1);
#region 過濾掉重復出現的關鍵字符串
string[] keyws = haskeyword.Split(',');
if (keyws.Length > 0)
{
keyws = keyws.ToList().Distinct().ToArray();//過濾掉重復的字符
for (int i = 0; i < keyws.Length; i++)
{
if (i == 0)
{
newkeyws = keyws[i];
}
else
{
newkeyws = newkeyws + "," + keyws[i];
}
}
}
newkeyws = newkeyws.Replace("\'", "'").
Replace("\"", """);//把\'單引號,\"雙引號修改為中文的單雙引號
#endregion
}
string script = "<script>window.alert('參數存在不安全字符');" + " </" + "script>";
string strScript = "<script charset='utf-8' Language=Javascript>if( confirm('參數存在不安全字符:" + newkeyws + "') ) {window.history.back(-1); } else { window.history.back(-1);}</script>";
StringBuilder sb = new StringBuilder();
sb.Append("<html>");
sb.Append("<head>");
sb.Append("<meta charset=\"utf-8\" />");
sb.Append(strScript);
sb.Append("</head>");
sb.Append("</html>");
System.Web.HttpContext.Current.Response.Write(sb.ToString());
System.Web.HttpContext.Current.Response.End();
}
}
else if (httpmethodType.ToLower() == "post")
{
System.Collections.Specialized.NameValueCollection urlparm = System.Web.HttpContext.Current.Request.Form;
if (System.Web.HttpContext.Current.Request.UrlReferrer != null) //
{
returnUrl = System.Web.HttpContext.Current.Request.UrlReferrer.PathAndQuery.ToString();
}
int counts = urlparm.AllKeys.Count();
string[] urlparms = urlparm.AllKeys;
if (counts > 0 && urlparms.Length > 0)
{
for (int i = 0; i < urlparms.Length; i++)
{
string parmvalue = System.Web.HttpContext.Current.Request.Form[i];//對應參數值
for (int j = 0; j < keywors.Length; j++)
{
if (parmvalue != "" || !string.IsNullOrEmpty(parmvalue))
{
if (parmvalue.IndexOf(keywors[j].ToLower()) != -1)
{
haskeyword = haskeyword + keywors[j] + ",";
}
}
}
}
}
if (haskeyword != "")
{
if (haskeyword.EndsWith(","))
{
haskeyword = haskeyword.Substring(0, haskeyword.Length - 1);
#region 過濾掉重復出現的關鍵字符串
string[] keyws = haskeyword.Split(',');
string newkeyws = "";
if (keyws.Length>0)
{
keyws = keyws.ToList().Distinct().ToArray();//過濾掉重復的字符
for (int i = 0; i < keyws.Length; i++)
{
if (i == 0)
{
newkeyws = keyws[i];
}
else
{
newkeyws =newkeyws+ "," + keyws[i];
}
}
}
newkeyws = newkeyws.Replace("\'", "'").
Replace("\"", """);//把\'單引號,\"雙引號修改為中文的單雙引號
#endregion
string strScript = "<script charset='utf-8' Language=Javascript>if( confirm('參數存在不安全字符:" + newkeyws + "') ) {window.history.back(-1); } else { window.history.back(-1);}</script>";
StringBuilder sb=new StringBuilder();
sb.Append("<html>");
sb.Append("<head>");
sb.Append("<meta charset=\"utf-8\" />");
sb.Append(strScript);
sb.Append("</head>");
sb.Append("</html>");
System.Web.HttpContext.Current.Response.Write(sb.ToString());
System.Web.HttpContext.Current.Response.End();
//System.Web.HttpContext.Current.Response.Write("<script charset='utf-8' Language=Javascript>if( confirm('" + GetBytesKeyWord + "" + newkeyws + "') ) {document.location.href='" + returnUrl + "'; } else { document.location.href='" + returnUrl + "' }</script>");
//System.Web.HttpContext.Current.Response.End();
}
}
}
else if (httpmethodType.ToLower() == "head")
{
System.Web.HttpContext.Current.Response.Write("<script language=javascript>alert('參數存在不安全字符');window.location = '" + returnUrl + "';</script>");
System.Web.HttpContext.Current.Response.End();
}
else
{
System.Web.HttpContext.Current.Response.Write("<script language=javascript>alert('參數存在不安全字符');window.location = '" + returnUrl + "';</script>");
System.Web.HttpContext.Current.Response.End();
}
}
}
catch (Exception)
{
throw;
}
#endregion
}
}
}
第2步驟.在頁面 Global.asax 》Global.asax.cs 》 調用Proce***equest:ProcessCheckkeyWord()
protected void Application_BeginRequest(object sender, EventArgs e)
{
#region //整個項目過濾關鍵字
Proce***equest process = new Proce***equest();
process.ProcessCheckkeyWord();
#endregion
}
這樣所有的頁面輸入框有關鍵字輸入都進行過濾提示!!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
