savetext() VS.cf_inputfilter - 孤独如雷的日志 - 网易博客
savetext() VS.cf_inputfilter - 孤独如雷的日志 - 网易博客:
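/*
 * safetext(text [, stripMode [, badTags [, badEvents]]])
 *
 * Escapes or strips a denylist of HTML tags, and deletes a denylist of
 * event-handler names, from untrusted text (URL / form values) before it
 * is echoed back into a page.
 *
 * text          - the untrusted string; trimmed before processing.
 * arguments[2]  - optional boolean; true selects "strip" mode (offending
 *                 tags are deleted), default is "escape" mode (offending
 *                 tags are HTMLEditFormat-encoded so they render as text).
 * arguments[3]  - optional comma list overriding badTags.
 * arguments[4]  - optional comma list overriding badEvents.
 * returns       - the filtered string.
 *
 * Caveat: this is a denylist. Tags not named in badTags pass through
 * untouched in both modes, and the event filter only deletes the listed
 * handler names (the rest of the attribute survives). It reduces, but does
 * not eliminate, script injection; values should still be encoded with
 * HTMLEditFormat at the point of output.
 */
function safetext(text) {
  var mode = "escape";
  var badTags = "SCRIPT,OBJECT,APPLET,EMBED,FORM,LAYER,ILAYER,FRAME,IFRAME,FRAMESET,PARAM,META";
  // NOTE(review): the page rendered the last entry as "_javascript_:"; the underscores look like
  // blog-side word mangling of the "javascript:" URL scheme this filter is meant to remove - confirm.
  var badEvents = "onClick,onDblClick,onKeyDown,onKeyPress,onKeyUp,onMouseDown,onMouseOut,onMouseUp,onMouseOver,onBlur,onChange,onFocus,onSelect,javascript:";
  var stripperRE = "";
  var theText = trim(text);
  var obracket = find("<",theText);
  var badTag = "";
  var nextStart = "";
  // Optional positional arguments: [2] boolean strip mode, [3] badTags override, [4] badEvents override.
  if(arraylen(arguments) GT 1 AND isBoolean(arguments[2]) AND arguments[2]) mode = "strip";
  if(arraylen(arguments) GT 2 and len(arguments[3])) badTags = arguments[3];
  if(arraylen(arguments) GT 3 and len(arguments[4])) badEvents = arguments[4];
  // One regex matching an opening or closing tag whose name is in badTags.
  // NOTE(review): reconstructed - the page rendered this line as stripperRE = "]*>"; because the
  // HTML renderer swallowed everything from the literal "<" up to the first ">" (the one inside
  // [^>]). That residue, and badTags being otherwise unused, support this form; confirm against
  // the original UDF.
  stripperRE = "</?(" & ListChangeDelims(badTags,"|") & ")[^>]*>";
  // Normalise typographic quotes, dashes and the ellipsis to their ASCII forms.
  theText = replaceList(theText,chr(8216) & "," & chr(8217) & "," & chr(8220) & ","& chr(8221) & "," & chr(8212) & "," & chr(8213) & "," & chr(8230),"',',"","",--,--,...");
  if(mode is "escape"){
    // Visit each "<" and HTML-encode a denylisted tag starting there; other tags are left as-is.
    while(obracket){
      badTag = REFindNoCase(stripperRE,theText,obracket,1);
      if(badTag.pos[1]){
        theText = replace(theText,mid(TheText,badtag.pos[1],badtag.len[1]),HTMLEditFormat(mid(TheText,badtag.pos[1],badtag.len[1])),"ALL");
        // nextStart is in pre-encoding coordinates; the encoded text holds no "<", so resuming inside it is harmless.
        nextStart = badTag.pos[1] + badTag.len[1];
      }
      else{
        nextStart = obracket + 1;
      }
      obracket = find("<",theText,nextStart);
    }
  }
  else{
    // Strip mode: delete denylisted tags outright.
    theText = REReplaceNoCase(theText,stripperRE,"","ALL");
  }
  // Delete the listed handler names / scheme wherever they occur; attribute values are not removed.
  theText = REReplaceNoCase(theText,(ListChangeDelims(badEvents,"|")),"","ALL");
  return theText;
}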
savetext() VS.cf_inputfilter
在过滤 URL 和表单 form 传递的 value 的时候，我们尝试了很多种方法，避免自己的网站受到跨站攻击；而 CF 在 Allaire 的时代就提供了一个 cf_inputfilter，但我一直都找不到。所以后来在 Sophek Tounn mail 给我的 code 上，我看到了 safetext() 的功能还蛮强大的，就贴给大家看。
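/*
 * safetext(text [, stripMode [, badTags [, badEvents]]])
 *
 * Escapes or strips a denylist of HTML tags, and deletes a denylist of
 * event-handler names, from untrusted text (URL / form values) before it
 * is echoed back into a page.
 *
 * text          - the untrusted string; trimmed before processing.
 * arguments[2]  - optional boolean; true selects "strip" mode (offending
 *                 tags are deleted), default is "escape" mode (offending
 *                 tags are HTMLEditFormat-encoded so they render as text).
 * arguments[3]  - optional comma list overriding badTags.
 * arguments[4]  - optional comma list overriding badEvents.
 * returns       - the filtered string.
 *
 * Caveat: this is a denylist. Tags not named in badTags pass through
 * untouched in both modes, and the event filter only deletes the listed
 * handler names (the rest of the attribute survives). It reduces, but does
 * not eliminate, script injection; values should still be encoded with
 * HTMLEditFormat at the point of output.
 */
function safetext(text) {
  var mode = "escape";
  var badTags = "SCRIPT,OBJECT,APPLET,EMBED,FORM,LAYER,ILAYER,FRAME,IFRAME,FRAMESET,PARAM,META";
  // NOTE(review): the page rendered the last entry as "_javascript_:"; the underscores look like
  // blog-side word mangling of the "javascript:" URL scheme this filter is meant to remove - confirm.
  var badEvents = "onClick,onDblClick,onKeyDown,onKeyPress,onKeyUp,onMouseDown,onMouseOut,onMouseUp,onMouseOver,onBlur,onChange,onFocus,onSelect,javascript:";
  var stripperRE = "";
  var theText = trim(text);
  var obracket = find("<",theText);
  var badTag = "";
  var nextStart = "";
  // Optional positional arguments: [2] boolean strip mode, [3] badTags override, [4] badEvents override.
  if(arraylen(arguments) GT 1 AND isBoolean(arguments[2]) AND arguments[2]) mode = "strip";
  if(arraylen(arguments) GT 2 and len(arguments[3])) badTags = arguments[3];
  if(arraylen(arguments) GT 3 and len(arguments[4])) badEvents = arguments[4];
  // One regex matching an opening or closing tag whose name is in badTags.
  // NOTE(review): reconstructed - the page rendered this line as stripperRE = "]*>"; because the
  // HTML renderer swallowed everything from the literal "<" up to the first ">" (the one inside
  // [^>]). That residue, and badTags being otherwise unused, support this form; confirm against
  // the original UDF.
  stripperRE = "</?(" & ListChangeDelims(badTags,"|") & ")[^>]*>";
  // Normalise typographic quotes, dashes and the ellipsis to their ASCII forms.
  theText = replaceList(theText,chr(8216) & "," & chr(8217) & "," & chr(8220) & ","& chr(8221) & "," & chr(8212) & "," & chr(8213) & "," & chr(8230),"',',"","",--,--,...");
  if(mode is "escape"){
    // Visit each "<" and HTML-encode a denylisted tag starting there; other tags are left as-is.
    while(obracket){
      badTag = REFindNoCase(stripperRE,theText,obracket,1);
      if(badTag.pos[1]){
        theText = replace(theText,mid(TheText,badtag.pos[1],badtag.len[1]),HTMLEditFormat(mid(TheText,badtag.pos[1],badtag.len[1])),"ALL");
        // nextStart is in pre-encoding coordinates; the encoded text holds no "<", so resuming inside it is harmless.
        nextStart = badTag.pos[1] + badTag.len[1];
      }
      else{
        nextStart = obracket + 1;
      }
      obracket = find("<",theText,nextStart);
    }
  }
  else{
    // Strip mode: delete denylisted tags outright.
    theText = REReplaceNoCase(theText,stripperRE,"","ALL");
  }
  // Delete the listed handler names / scheme wherever they occur; attribute values are not removed.
  theText = REReplaceNoCase(theText,(ListChangeDelims(badEvents,"|")),"","ALL");
  return theText;
}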