asp常用的安全过滤判断函数

作者:袖梨 2022-07-02

Function outHTML(str)
 Dim sTemp
 sTemp = str
 outHTML = ""
 If IsNull(sTemp) = True Then
  Exit Function
 End If
 sTemp = Replace(sTemp, "&", "&")
 sTemp = Replace(sTemp, "<", "<")
 sTemp = Replace(sTemp, ">", ">")
 sTemp = Replace(sTemp, Chr(34), """)
 sTemp = Replace(sTemp, Chr(10), "
")
 outHTML = sTemp
End Function

' ============================================
' 去除Html格式,用于从数据库中取出值填入输入框时
' 注意:value="?"这边一定要用双引号
' ============================================
Function inHTML(str)
 Dim sTemp
 sTemp = str
 inHTML = ""
 If IsNull(sTemp) = True Then
  Exit Function
 End If
 sTemp = Replace(sTemp, "&", "&")
 sTemp = Replace(sTemp, "<", "<")
 sTemp = Replace(sTemp, ">", ">")
 sTemp = Replace(sTemp, Chr(34), """)
 inHTML = sTemp
End Function

' ============================================
' 检测上页是否从本站提交
' 返回:True,False
' ============================================
Function IsSelfRefer()
 Dim sHttp_Referer, sServer_Name
 sHttp_Referer = CStr(Request.ServerVariables("HTTP_REFERER"))
 sServer_Name = CStr(Request.ServerVariables("SERVER_NAME"))
 If Mid(sHttp_Referer, 8, Len(sServer_Name)) = sServer_Name Then
  IsSelfRefer = True
 Else
  IsSelfRefer = False
 End If
End Function

' ============================================
' 得到安全字符串,在查询中使用
' ============================================
Function Get_SafeStr(str)
 Get_SafeStr = Replace(Replace(Replace(Trim(str), "'", ""), Chr(34), ""), ";", "")
End Function

' ============================================
' 取实际字符长度
' ============================================
Function Get_TrueLen(str)
 Dim l, t, c, i
 l = Len(str)
 t = l
 For i = 1 To l
  c = Asc(Mid(str, i, 1))
  If c < 0 Then c = c + 65536
  If c > 255 Then t = t + 1
 Next
 Get_TrueLen = t
End Function

' ============================================
' 判断是否安全字符串,在注册登录等特殊字段中使用
' ============================================
Function IsSafeStr(str)
 Dim s_BadStr, n, i
 s_BadStr = "'  &<>?%,;:()`~!@#$^*{}[]|+-=" & Chr(34) & Chr(9) & Chr(32)
 n = Len(s_BadStr)
 IsSafeStr = True
 For i = 1 To n
  If Instr(str, Mid(s_BadStr, i, 1)) > 0 Then
   IsSafeStr = False
   Exit Function
  End If
 Next
End Function

 

相关文章

精彩推荐