分享程序员开发的那些事...
更新时间:2022-09-27 15:06:54
第1步骤.新建过滤关键字实现类:ProcessRequest
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using SaaS.Admin.Base;
namespace SaaS.Admin.Controllers
{
public class ProcessRequest
{
public void ProcessCheckkeyWord()
{
#region 过滤URL提交过来的参数【检查是否存在关键字】
string[] keywors = { "javascript", "vbscript", "jscript", "script", "eval", "<", ">", "\'", "\"", "&", "#" };
string returnUrl="/";//url地址
try
{
string httpmethodType = System.Web.HttpContext.Current.Request.HttpMethod;
if (httpmethodType != "")
{
string haskeyword = "";
if (httpmethodType.ToLower() == "get")
{
System.Collections.Specialized.NameValueCollection geturlparm = System.Web.HttpContext.Current.Request.QueryString;
if (System.Web.HttpContext.Current.Request.UrlReferrer != null) //
{
returnUrl = System.Web.HttpContext.Current.Request.UrlReferrer.PathAndQuery.ToString();
}
int counts = geturlparm.AllKeys.Count();
string[] urlparms = geturlparm.AllKeys;
if (counts > 0 && urlparms.Length > 0)
{
for (int i = 0; i < urlparms.Length; i++)
{
string parmvalue = System.Web.HttpContext.Current.Request.QueryString[i];//对应参数值
for (int j = 0; j < keywors.Length; j++)
{
if (parmvalue != "" || !string.IsNullOrEmpty(parmvalue))
{
if (parmvalue.IndexOf(keywors[j].ToLower()) != -1)
{
haskeyword = haskeyword + keywors[j] + ",";
}
}
}
}
}
if (haskeyword != "")
{
string newkeyws = "";
if (haskeyword.EndsWith(","))
{
haskeyword = haskeyword.Substring(0, haskeyword.Length - 1);
#region 过滤掉重复出现的关键字符串
string[] keyws = haskeyword.Split(',');
if (keyws.Length > 0)
{
keyws = keyws.ToList().Distinct().ToArray();//过滤掉重复的字符
for (int i = 0; i < keyws.Length; i++)
{
if (i == 0)
{
newkeyws = keyws[i];
}
else
{
newkeyws = newkeyws + "," + keyws[i];
}
}
}
newkeyws = newkeyws.Replace("\'", "'").
Replace("\"", """);//把\'单引号,\"双引号修改为中文的单双引号
#endregion
}
string script = "<script>window.alert('参数存在不安全字符');" + " </" + "script>";
string strScript = "<script charset='utf-8' Language=Javascript>if( confirm('参数存在不安全字符:" + newkeyws + "') ) {window.history.back(-1); } else { window.history.back(-1);}</script>";
StringBuilder sb = new StringBuilder();
sb.Append("<html>");
sb.Append("<head>");
sb.Append("<meta charset=\"utf-8\" />");
sb.Append(strScript);
sb.Append("</head>");
sb.Append("</html>");
System.Web.HttpContext.Current.Response.Write(sb.ToString());
System.Web.HttpContext.Current.Response.End();
}
}
else if (httpmethodType.ToLower() == "post")
{
System.Collections.Specialized.NameValueCollection urlparm = System.Web.HttpContext.Current.Request.Form;
if (System.Web.HttpContext.Current.Request.UrlReferrer != null) //
{
returnUrl = System.Web.HttpContext.Current.Request.UrlReferrer.PathAndQuery.ToString();
}
int counts = urlparm.AllKeys.Count();
string[] urlparms = urlparm.AllKeys;
if (counts > 0 && urlparms.Length > 0)
{
for (int i = 0; i < urlparms.Length; i++)
{
string parmvalue = System.Web.HttpContext.Current.Request.Form[i];//对应参数值
for (int j = 0; j < keywors.Length; j++)
{
if (parmvalue != "" || !string.IsNullOrEmpty(parmvalue))
{
if (parmvalue.IndexOf(keywors[j].ToLower()) != -1)
{
haskeyword = haskeyword + keywors[j] + ",";
}
}
}
}
}
if (haskeyword != "")
{
if (haskeyword.EndsWith(","))
{
haskeyword = haskeyword.Substring(0, haskeyword.Length - 1);
#region 过滤掉重复出现的关键字符串
string[] keyws = haskeyword.Split(',');
string newkeyws = "";
if (keyws.Length>0)
{
keyws = keyws.ToList().Distinct().ToArray();//过滤掉重复的字符
for (int i = 0; i < keyws.Length; i++)
{
if (i == 0)
{
newkeyws = keyws[i];
}
else
{
newkeyws =newkeyws+ "," + keyws[i];
}
}
}
newkeyws = newkeyws.Replace("\'", "'").
Replace("\"", """);//把\'单引号,\"双引号修改为中文的单双引号
#endregion
string strScript = "<script charset='utf-8' Language=Javascript>if( confirm('参数存在不安全字符:" + newkeyws + "') ) {window.history.back(-1); } else { window.history.back(-1);}</script>";
StringBuilder sb=new StringBuilder();
sb.Append("<html>");
sb.Append("<head>");
sb.Append("<meta charset=\"utf-8\" />");
sb.Append(strScript);
sb.Append("</head>");
sb.Append("</html>");
System.Web.HttpContext.Current.Response.Write(sb.ToString());
System.Web.HttpContext.Current.Response.End();
//System.Web.HttpContext.Current.Response.Write("<script charset='utf-8' Language=Javascript>if( confirm('" + GetBytesKeyWord + "" + newkeyws + "') ) {document.location.href='" + returnUrl + "'; } else { document.location.href='" + returnUrl + "' }</script>");
//System.Web.HttpContext.Current.Response.End();
}
}
}
else if (httpmethodType.ToLower() == "head")
{
System.Web.HttpContext.Current.Response.Write("<script language=javascript>alert('参数存在不安全字符');window.location = '" + returnUrl + "';</script>");
System.Web.HttpContext.Current.Response.End();
}
else
{
System.Web.HttpContext.Current.Response.Write("<script language=javascript>alert('参数存在不安全字符');window.location = '" + returnUrl + "';</script>");
System.Web.HttpContext.Current.Response.End();
}
}
}
catch (Exception)
{
throw;
}
#endregion
}
}
}
第2步骤.在页面 Global.asax 》Global.asax.cs 》 调用ProcessRequest:ProcessCheckkeyWord()
protected void Application_BeginRequest(object sender, EventArgs e)
{
#region //整个项目过滤关键字
ProcessRequest process = new ProcessRequest();
process.ProcessCheckkeyWord();
#endregion
}
这样所有的页面输入框有关键字输入都进行过滤提示!!
本文转自程序猿博客51CTO博客,原文链接http://blog.51cto.com/haihuiwei/1956312如需转载请自行联系原作者
365850153