.Replace 无效，这里该怎么写过滤

#region =====过滤html标签 RemoveHTML(string html)=====
        /// <summary>
        /// 过滤html
        /// </summary>
        /// <param name="html">需要过滤的字符串</param>
        /// <returns>过滤html后的字符串</returns>
        public static string RemoveHTML(string html)
        {
            html = Regex.Replace(html, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase);
            html = Regex.Replace(html, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);
            html = Regex.Replace(html, @"([\r\n])[\s]+", "", RegexOptions.IgnoreCase);
            html = Regex.Replace(html, @"-->", "", RegexOptions.IgnoreCase);
            html = Regex.Replace(html, @"<!--.*", "", RegexOptions.IgnoreCase);
            html = Regex.Replace(html, @"&(quot|#34);", "\"", RegexOptions.IgnoreCase);
            html = Regex.Replace(html, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);
            html = Regex.Replace(html, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);
            html = Regex.Replace(html, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);
            html = Regex.Replace(html, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);
            html = Regex.Replace(html, @"&(iexcl|#161);", "\xa1", RegexOptions.IgnoreCase);
            html = Regex.Replace(html, @"&(cent|#162);", "\xa2", RegexOptions.IgnoreCase);
            html = Regex.Replace(html, @"&(pound|#163);", "\xa3", RegexOptions.IgnoreCase);
            html = Regex.Replace(html, @"&(copy|#169);", "\xa9", RegexOptions.IgnoreCase);
            html = Regex.Replace(html, @"&#(\d+);", "", RegexOptions.IgnoreCase);
            html = Regex.Replace(html, @"<img[^>]*>;", "", RegexOptions.IgnoreCase);
            html.Replace("<", "");
            html.Replace(">", "");
            html.Replace("\r\n", "");
            //html = HttpContext.Current.Server.HtmlEncode(html).Trim();
            //html = HttpContext.Current.Server.HtmlDecode(html).Trim();
            return html;
        }
        #endregion

根据自己需要改下就能用了，你这是要避免XSS攻击吧。
    private string FilterHTML(string html)
           {
               System.Text.RegularExpressions.Regex regex1 =
                     new System.Text.RegularExpressions.Regex(@"<script[sS]+</script *>",
                     System.Text.RegularExpressions.RegexOptions.IgnoreCase);
               System.Text.RegularExpressions.Regex regex2 =
                     new System.Text.RegularExpressions.Regex(@" href *= *[sS]*script *:",
                     System.Text.RegularExpressions.RegexOptions.IgnoreCase);
               System.Text.RegularExpressions.Regex regex3 =
                     new System.Text.RegularExpressions.Regex(@" no[sS]*=",
                     System.Text.RegularExpressions.RegexOptions.IgnoreCase);
               System.Text.RegularExpressions.Regex regex4 =
                     new System.Text.RegularExpressions.Regex(@"<iframe[sS]+</iframe *>",
                     System.Text.RegularExpressions.RegexOptions.IgnoreCase);
               System.Text.RegularExpressions.Regex regex5 =
                     new System.Text.RegularExpressions.Regex(@"<frameset[sS]+</frameset *>",
                     System.Text.RegularExpressions.RegexOptions.IgnoreCase);
               System.Text.RegularExpressions.Regex regex6 =
                     new System.Text.RegularExpressions.Regex(@"<img[^>]+>",
                     System.Text.RegularExpressions.RegexOptions.IgnoreCase);
               System.Text.RegularExpressions.Regex regex7 =
                     new System.Text.RegularExpressions.Regex(@"</p>",
                     System.Text.RegularExpressions.RegexOptions.IgnoreCase);
               System.Text.RegularExpressions.Regex regex8 =
                     new System.Text.RegularExpressions.Regex(@"<p>",
                     System.Text.RegularExpressions.RegexOptions.IgnoreCase);
               System.Text.RegularExpressions.Regex regex9 =
                     new System.Text.RegularExpressions.Regex(@"<[^>]*>",
                     System.Text.RegularExpressions.RegexOptions.IgnoreCase);
               html = regex1.Replace(html, ""); //过滤<script></script>标记
               html = regex2.Replace(html, ""); //过滤href=javascript: (<A>) 属性
               html = regex3.Replace(html, " _disibledevent="); //过滤其它控件的on...事件
               html = regex4.Replace(html, ""); //过滤iframe
               html = regex5.Replace(html, ""); //过滤frameset
               html = regex6.Replace(html, ""); //过滤frameset
               html = regex7.Replace(html, ""); //过滤frameset
               html = regex8.Replace(html, ""); //过滤frameset
               html = regex9.Replace(html, "");
               //html = html.Replace(" ", "");
               html = html.Replace("</strong>", "");
               html = html.Replace("<strong>", "");
               html = Regex.Replace(html, "[\f\n\r\t\v]", "");  //过滤回车换行制表符
               return html;
           }

cyberarmy ，您好，谢谢您的回答，是这样，我这个代码
protected string Getlogtext(int rowIndex)
        {            return Utils.HtmlEncode(this.dv[rowIndex]["logtext"].ToString().PadRight(300, ' ').Substring(0, 300).Replace("<[^>]+>", ""));        }
是在另一个CS中，用以下的形式直接写在HTML 模版上 public static string showlogtext()
        {
            return "<%# Getlogtext(Container.ItemIndex) %>";        }
private string FilterHTML(string html)   您这个类，我写在CS中，如何调用和写在HTML上，，新手啊，，确定不知道怎么用，，麻烦您了

Relplace里怎么还带正则表达式。。
你可以这样：
string str=Utils.HtmlEncode(this.dv[rowIndex]["logtext"].ToString().PadRight(300, ' ').Substring(0, 300);
Regex regex=new Regex("<[^>]+>");
MatchCollection mc=regex.Matches(str);
foreach(Match match in mc)
{
str=str.Replace(match.Value.ToString(),"");
}return str;

#region 清除HTML标记
        public static string DropHTML(string Htmlstring)
        {
            if (string.IsNullOrEmpty(Htmlstring)) return "";
            //删除脚本
            Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase);
            //删除HTML
            Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);
            Htmlstring = Regex.Replace(Htmlstring, @"([\r\n])[\s]+", "", RegexOptions.IgnoreCase);
            Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase);
            Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase);
            Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "\"", RegexOptions.IgnoreCase);
            Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);
            Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);
            Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);
            Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);
            Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "\xa1", RegexOptions.IgnoreCase);
            Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "\xa2", RegexOptions.IgnoreCase);
            Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "\xa3", RegexOptions.IgnoreCase);
            Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "\xa9", RegexOptions.IgnoreCase);            Htmlstring = Regex.Replace(Htmlstring, @"&#(\d+);", "", RegexOptions.IgnoreCase);
            Htmlstring.Replace("<", "");
            Htmlstring.Replace(">", "");
            Htmlstring.Replace("\r\n", "");
            Htmlstring = HttpContext.Current.Server.HtmlEncode(Htmlstring).Trim();
            return Htmlstring;
        }
        #endregion        #region 清除HTML标记且返回相应的长度
        public static string DropHTML(string Htmlstring, int strLen)
        {
            return CutString(DropHTML(Htmlstring), strLen);
        }
        #endregion

调试易

.Replace 无效，这里该怎么写过滤

解决方案 »