求一正则表达式,能删掉 FCKeditor等在线网页编辑器 所提交文字的所有不安全代码(客户端Javascritp)与服务器端C#代码。
如删除以下内容,及其中间所包含的 等等
<script> </script>
<form runat="server"> </form>
<% %>
等等
求一正则表达式,能删掉 FCKeditor等在线网页编辑器 所提交文字的所有不安全代码(客户端Javascritp)与服务器端C#代码。
如删除以下内容,及其中间所包含的 等等
<script> </script>
<form runat="server"> </form>
<% %>
等等
using System.Text.RegularExpressions;
public class StripHTMLTest{
public static void Main(){
string s=StripHTML("<HTML><HEAD><TITLE>中国石龙信息平台</TITLE></HEAD><BODY>faddfs龙信息平台</BODY></HTML>");
Console.WriteLine(s);
} public static string StripHTML(string strHtml){
string [] aryReg ={
@"<script[^>]*?>.*?</script>", @"<(\/\s*)?!?((\w+:)?\w+)(\w+(\s*=?\s*(([""'])(\\[""'tbnr]|[^\7])*?\7|\w+)|.{0})|\s)*?(\/\s*)?>",
@"([\r\n])[\s]+",
@"&(quot|#34);",
@"&(amp|#38);",
@"&(lt|#60);",
@"&(gt|#62);",
@"&(nbsp|#160);",
@"&(iexcl|#161);",
@"&(cent|#162);",
@"&(pound|#163);",
@"&(copy|#169);",
@"&#(\d+);",
@"-->",
@"<!--.*\n"
}; string [] aryRep = {
"",
"",
"",
"\"",
"&",
"<",
">",
" ",
"\xa1",//chr(161),
"\xa2",//chr(162),
"\xa3",//chr(163),
"\xa9",//chr(169),
"",
"\r\n",
""
}; string newReg =aryReg[0];
string strOutput=strHtml;
for(int i = 0;i<aryReg.Length;i++){
Regex regex = new Regex(aryReg[i],RegexOptions.IgnoreCase);
strOutput = regex.Replace(strOutput,aryRep[i]);
}
strOutput.Replace("<","");
strOutput.Replace(">","");
strOutput.Replace("\r\n","");
return strOutput;
}
}
/// 除去所有Script标记。
/// </summary>
/// <param name="input">需要被除去标记的代码块。</param>
/// <returns>已经被除去标记的代码块。</returns>
public string RemoveScriptTags(string input)
{
input = Regex.Replace(input, @"<script(.|\n)+</script>", "", RegexOptions.IgnoreCase);
return input;
}/// <summary>
/// 除去所有在HTML元素中的Script事件标记。
/// </summary>
/// <param name="input">需要被除去标记的代码块。</param>
/// <returns>已经被除去标记的代码块。</returns>
public string RemoveJavaScriptEventsFromTags(string input)
{
Regex regex = new Regex(@"</?([-\w]+)( [^>]+)?>");
input = regex.Replace(input, new MatchEvaluator(this.FixTag));
return input;
}/// <summary>
///
/// </summary>
/// <param name="tagMatch"></param>
/// <returns></returns>
private string FixTag(Match tagMatch)
{
Regex regex = new Regex(@" ([-\w]+)(=(""[^""]*""|'[^']*'|(#|_)?\w+))?"); //string pattern = @"onabort|onafterprint|onafterupdate|onbeforecopy|onbeforecut|onbeforeeditfocus|onbeforepaste|onbeforeprint|onbeforeunload|onbeforeupdate|onblur|onbounce|oncellchange|onchange|onclick|oncontextmenu|oncopy|oncut|ondataavailable|ondatasetchanged|ondatasetcomplete|ondblclick|ondrag|ondragend|ondragenter|ondragleave|ondragover|ondragstart|ondrop|onerror|onerrorupdate|onfilterchange|onfinish|onfocus|onhelp|onkeydown|onkeypress|onkeyup|onload|onlosecapture|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onpaste|onpropertychange|onreadystatechange|onreset|onresize|onrowenter|onrowexit|onrowsdelete|onrowsinserted|onscroll|onselect|onselectstart|onstart|onstop|onsubmit|onunload";
string pattern = @"on[^\b]*";
Regex regexEvent = new Regex(pattern, RegexOptions.IgnoreCase); string tag = tagMatch.Value; string retTag = ""; if (tag.IndexOf("</") == 0)
{
return tag.ToLower();
} string tagElement = tagMatch.Groups[1].Value.ToLower(); retTag = "<" + tagElement; MatchCollection mc = regex.Matches(tag); foreach (Match m in mc)
{
string expression = m.Value;
string attribute = m.Groups[1].Value; string value = m.Groups[3].Value.ToLower(); if (!regexEvent.IsMatch(attribute))
{
retTag = string.Concat(new string[5] { retTag, " ", attribute, "=", value });
}
} return (retTag + ">");
}