JS:
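/**
 * Reduces an HTML fragment to plain text: drops <script> and <style> elements
 * together with their contents, replaces every remaining tag with a space, and
 * entity-encodes any angle brackets that are left over.
 *
 * Security note: this is a regex-based text extractor, not an HTML sanitizer.
 * The result is meant to be handled as text (for example assigned through
 * textContent). If markup has to be preserved and rendered, use a maintained
 * allow-list sanitizer and repeat the filtering on the server; a client-side
 * pass is not a trust boundary.
 *
 * @param {string} html Markup to strip; null/undefined is treated as empty.
 * @returns {string} Text with tags removed and stray "<" / ">" encoded.
 */
function StripHtml(html)
{
    if (html === null || html === undefined) {
        return "";
    }
    html = String(html);

    // Strips <script> elements including their contents. The tag name is split
    // so this source can sit inside an inline script block without ending it.
    // [\s\S] (any character, newlines included) needs doubled backslashes in a
    // string literal; the previous "[sS]" matched only the letters s and S.
    var scriptregex = "<scr" + "ipt[^>]*>[\\s\\S]*?</sc" + "ript[^>]*>";
    var scripts = new RegExp(scriptregex, "gi");
    html = html.replace(scripts, " ");

    // Strips <style> elements including their contents.
    var styleregex = "<style[^>]*>[\\s\\S]*?</style[^>]*>";
    var styles = new RegExp(styleregex, "gi");
    html = html.replace(styles, " ");

    // Strips the remaining HTML tags. [^>]+ also spans newlines inside a tag
    // and avoids the backtracking cost of the former "(.| )+?" alternation.
    var tags = new RegExp("<[^>]+>", "g");
    var strOutput = html.replace(tags, " ");

    // Encodes every leftover "<" and ">" (global flag: all of them, not just
    // the first) so an unbalanced bracket cannot open a tag when rendered.
    strOutput = strOutput.replace(/</g, "&lt;");
    strOutput = strOutput.replace(/>/g, "&gt;");
    return strOutput;
}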
.NET:
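/// <summary>
/// Filters unsafe HTML: removes script, iframe and frameset elements, strips
/// href attributes that begin a script: URL, and renames on* event-handler
/// attributes so they no longer bind.
/// </summary>
/// <remarks>
/// This is a regex block-list applied to the raw string, not an HTML parser.
/// It does not decode character references and does not cover every element
/// or attribute that can carry active content, so treat it as defence in
/// depth only. Encode on output (for example HttpUtility.HtmlEncode) when the
/// value is shown as text, or use a maintained allow-list sanitizer when the
/// markup must be rendered.
/// NOTE(review): the method is exposed through AjaxPro; if callers invoke it
/// from the browser before submitting content, the server still has to filter
/// or encode the stored value itself. Confirm against the callers.
/// </remarks>
/// <param name="html">Markup to filter; may be null or empty.</param>
/// <returns>The filtered markup, or an empty string for null or empty input.</returns>
[AjaxPro.AjaxMethod()]
public String UnSafeHTMLFilter(string html)
{
    if (String.IsNullOrEmpty(html))
    {
        return String.Empty;
    }

    // [\s\S] matches any character including newlines. The previous [\s\s]
    // matched whitespace only, so ordinary script blocks were never removed.
    // The lazy quantifier stops at the first closing tag instead of deleting
    // everything up to the last one; an element with no closing tag is
    // removed through the end of the input (fail closed).
    Regex regex1 = new Regex(@"<script[\s\S]*?(?:</script[^>]*>|\z)", RegexOptions.IgnoreCase);

    // Bounded to a single attribute value ([^"'>]) so the match cannot run
    // from one href to an unrelated "script:" later in the document.
    Regex regex2 = new Regex(@"\shref\s*=\s*[""']?[^""'>]*?script\s*:", RegexOptions.IgnoreCase);

    // on<name>= preceded by whitespace, or directly by a quote or slash.
    Regex regex3 = new Regex(@"(?:\s|(?<=[/""']))on\w+\s*=", RegexOptions.IgnoreCase);

    Regex regex4 = new Regex(@"<iframe[\s\S]*?(?:</iframe[^>]*>|\z)", RegexOptions.IgnoreCase);
    Regex regex5 = new Regex(@"<frameset[\s\S]*?(?:</frameset[^>]*>|\z)", RegexOptions.IgnoreCase);

    html = regex1.Replace(html, ""); // remove <script>...</script> elements
    html = regex2.Replace(html, ""); // remove href=javascript: style attributes (<a>)
    html = regex3.Replace(html, " _disibledevent="); // neutralise on... event attributes
    html = regex4.Replace(html, ""); // remove iframe elements
    html = regex5.Replace(html, ""); // remove frameset elements
    return html;
}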