www.gusucode.com > 动网论坛Dvbbs v8.3 > 动网论坛Dvbbs v8.3\code\源程序\inc\Const.asp
<!--#Include File="Dv_ClsMain.asp"-->
<%
Set MyBoardOnline=new Cls_UserOnlne
Dvbbs.GetForum_Setting
Dvbbs.CheckUserLogin
Function checkXHTML(XMLstr)
Dim XML,node
Set xml=Dvbbs.iCreateObject("msxml2.DOMDocument"& MsxmlVersion)
If xml.loadxml("<div>" & replace(XMLstr,"&","&") &"</div>") Then
checkXHTML=""
If xml.documentElement.getElementsByTagName("link").length >0 Then
checkXHTML="数据含前台禁止提交的标签""link"""
Exit Function
End If
If xml.documentElement.getElementsByTagName("iframe").length >0 Then
checkXHTML="数据含前台禁止提交的标签""iframe"""
Exit Function
End If
If xml.documentElement.getElementsByTagName("meta").length >0 Then
checkXHTML="数据含前台禁止提交的标签""meta"""
Exit Function
End If
If xml.documentElement.getElementsByTagName("script").length >0 Then
checkXHTML="数据含前台禁止提交的标签""script"""
Exit Function
End If
If xml.documentElement.getElementsByTagName("object").length >0 Then
checkXHTML="数据含前台禁止提交的标签""object"""
Exit Function
End If
If xml.documentElement.getElementsByTagName("embed").length >0 Then
checkXHTML="数据含前台禁止提交的标签""embed"""
Exit Function
End If
'href里的脚本
For Each Node in xml.documentElement.selectNodes("//a[@href]")
If InStr(LCase(Node.selectSingleNode("@href").text),"script:")>0 Then
checkXHTML="超级链接中含非法的脚本代码"
Exit For
End If
Next
If checkXHTML<>"" Then Exit Function
'过滤src里的脚本
For Each Node in xml.documentElement.selectNodes("//*[@src]")
If InStr(LCase(Node.selectSingleNode("@src").text),"script:")>0 Then
checkXHTML="图片地址中包含脚本命令"
Exit For
End If
Next
If checkXHTML<>"" Then Exit Function
'所有的事件属性
For Each Node in xml.documentElement.selectNodes("//@*")
If Left(Node.nodeName,2)="on" Then
checkXHTML="数据含前台禁止提交的属性"
Exit For
End If
Next
Else
checkXHTML="数据无法校验,数据不合法"
End If
Set xml=nothing
End Function
Function entity2Str(strText)
Dim s,match,po,i,re
s=replace(strText,"&","&")
If InStr(s,"\")=0 And InStr(s,"&#")=0 And InStr(s,"%")=0 and InStr(s,Chr(13))=0 and InStr(s,Chr(10))=0 and InStr(s,Chr(9))=0 and InStr(s," ")=0 and InStr(s,"/*")=0 and InStr(s,"*/")=0 Then
entity2Str=LCase(strText)
Exit Function
End If
Set re=new RegExp
re.IgnoreCase =true
re.Global=true
re.Pattern="(&#x)([0-9|a-z]{1,2})"
Set match = re.Execute(s)
For i= 0 to match.count -1
po=re.Replace(match.item(i),"$2")
po="&H"+po
If IsNumeric(po) Then
s=Replace(s,match.item(i),Chr(po))
End If
Next
re.Pattern="(�*)"
s=re.Replace(s,"&#")
re.Pattern="&#([0-9]{1,3})"
Set match = re.Execute(s)
For i= 0 to match.count -1
po=re.Replace(match.item(i),"$1")
s=Replace(s,"&#"&po&";",Chr(po))
s=Replace(s,"&#"&po&"",Chr(po))
Next
re.Pattern="(\\0*)"
s=re.Replace(s,"\")
re.Pattern="(\\)([0-9|a-z]{1,2})"
Set match = re.Execute(s)
For i= 0 to match.count -1
po=re.Replace(match.item(i),"$2")
po="&H"+po
If IsNumeric(po) Then
s=Replace(s,match.item(i),Chr(po))
End If
Next
Rem url编码转换
re.Pattern="(%)([0-9|a-z]{1,2})"
Set match = re.Execute(s)
For i= 0 to match.count -1
po=re.Replace(match.item(i),"$2")
po="&H"+po
If IsNumeric(po) Then
s=Replace(s,match.item(i),Chr(po))
End If
Next
s=replace(s,Chr(13),"")
s=replace(s,Chr(10),"")
s=replace(s,Chr(9),"")
s=replace(s," ","")
s=replace(s,"/*","")
s=replace(s,"*/","")
entity2Str=LCase(s)
Set Re =nothing
End Function
Function Dv_FilterJS(v)
Dim userface
If Not Isnull(V) Then
userface=entity2Str(v)
If InStr(userface,"script:")>0 or InStr(userface,"document.")>0 Or InStr(userface,"xss:") > 0 Or InStr(userface,"expression") > 0 Then
userface="http://bbs.cndw.com/images/zhutou.jpg"
End If
Dv_FilterJS=userface
End If
End Function
%>