public partial class SecretUtil { //正则过滤字符 private const string StrRegex = @"<[^>]+?style=[\w]+?:expression\(|\b(alert|confirm|prompt)\b|^\+/v(8|9)|<[^>]*?=[^>]*?&#[^>]*?>|\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|<\s*img\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)"; /// <summary> /// POST请求 /// </summary> /// <param name="putData">输出非法字符串</param> /// <returns></returns> public static bool PostData(out string putData) { bool result = false; putData = string.Empty; for (int i = 0; i < HttpContext.Current.Request.Form.Count; i++) { result = CheckData(HttpCo
防御诸如跨站脚本攻击XSS)、SQL注入攻击等恶意攻击
猜你喜欢
转载自blog.csdn.net/weixin_43097956/article/details/131383824
今日推荐
周排行