filters.asp

电子商务网络购物系统

<%
Private Function checkHTML(ByVal strMessageInput)
	Dim strTempHTMLMessage
	Dim lngMessagePosition
	Dim intHTMLTagLength
	Dim strHTMLMessage

	For lngMessagePosition = 1 to CLng((Len(strMessageInput) * 1.5))
		If Mid(strMessageInput, lngMessagePosition, 1) = "" Then Exit For
		If Mid(strMessageInput, lngMessagePosition, 1) = "<" Then
			intHTMLTagLength = (InStr(lngMessagePosition, strMessageInput, ">", 1) - lngMessagePosition)
			strHTMLMessage = Mid(strMessageInput, lngMessagePosition, intHTMLTagLength + 1)
			strTempHTMLMessage = strHTMLMessage
			If InStr(1, strTempHTMLMessage, "href", 1) <> 0 Then
				strTempHTMLMessage = Replace(strTempHTMLMessage, "<", "**/**", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, ">", "**\**", 1, -1, 1)
				strTempHTMLMessage = formatLink(strTempHTMLMessage)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "**/**", "<", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "**\**", ">", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, ">", " target=""_blank"">", 1, -1, 1)
			End If

			If InStr(1, strTempHTMLMessage, "img", 1) <> 0 Then
				strTempHTMLMessage = Replace(strTempHTMLMessage, "<", "**/**", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, ">", "**\**", 1, -1, 1)
				strTempHTMLMessage = checkImages(strTempHTMLMessage)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "**/**", "<", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "**\**", ">", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, ">", " border=""0"">", 1, -1, 1)
			End If

			If InStr(1, strTempHTMLMessage, "href", 1) = 0 AND InStr(1, strTempHTMLMessage, "img", 1) = 0 Then
				strTempHTMLMessage = Replace(strTempHTMLMessage, "html", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "body", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "head", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "meta", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "button", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "input", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "type", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "select", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "radio", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "file", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "hidden", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "checkbox", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "password", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "blink", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "fieldset", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "javascript", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "vbscript", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "script", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "object", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "applet", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "embed", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "event", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "server", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "function", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "document", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "cookie", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "onclick", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "ondblclick", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "onkey", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "onmouse", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "onchange", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "accesskey", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "tabindex", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "onfocus", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "onblur", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "onsubmit", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "onreset", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "form", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "iframe", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "textarea", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "action", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "enctype", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "layer", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "multicol", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "frameset", "", 1, -1, 1)
				strTempHTMLMessage = Replace(strTempHTMLMessage, "marquee", "", 1, -1, 1)
				'strTempHTMLMessage = Replace(strTempHTMLMessage, "table", "", 1, -1, 1)
				'strTempHTMLMessage = Replace(strTempHTMLMessage, "tr", "", 1, -1, 1)
				'strTempHTMLMessage = Replace(strTempHTMLMessage, "td", "", 1, -1, 1)

			End If

			strTempHTMLMessage = formatInput(strTempHTMLMessage)
			strMessageInput = Replace(strMessageInput, strHTMLMessage, strTempHTMLMessage, 1, -1, 1)
		End If
	Next
	checkHTML = strMessageInput
End Function

Private Function checkImages(ByVal strInputEntry)
	Dim strImageFileExtension
	If inStr(1, strInputEntry, ".", 1) = 0 Then
		strInputEntry = ""
	Else
		strImageFileExtension = Mid(strInputEntry, InStrRev(strInputEntry, "."), 4)
		If NOT (strImageFileExtension = ".gif" OR strImageFileExtension = ".jpg" OR strImageFileExtension = ".jpe" OR strImageFileExtension = ".bmp" OR strImageFileExtension = ".png") Then
			strInputEntry = Replace(strInputEntry, strImageFileExtension, "", 1, -1, 1)
		End If
		strInputEntry = formatLink(strInputEntry)
		strInputEntry = Replace(strInputEntry, "?", "", 1, -1, 1)
	End If
	checkImages = strInputEntry
End Function

Private Function formatInput(ByVal strInputEntry)
	strInputEntry = Replace(strInputEntry, "script", "&#115;cript", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "SCRIPT", "&#083;CRIPT", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Script", "&#083;cript", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "script", "&#083;cript", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "object", "&#111;bject", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "OBJECT", "&#079;BJECT", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Object", "&#079;bject", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "object", "&#079;bject", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "applet", "&#097;pplet", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "APPLET", "&#065;PPLET", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Applet", "&#065;pplet", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "applet", "&#065;pplet", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "embed", "&#101;mbed", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "EMBED", "&#069;MBED", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Embed", "&#069;mbed", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "embed", "&#069;mbed", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "event", "&#101;vent", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "EVENT", "&#069;VENT", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Event", "&#069;vent", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "event", "&#069;vent", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "document", "&#100;ocument", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "DOCUMENT", "&#068;OCUMENT", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Document", "&#068;ocument", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "document", "&#068;ocument", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "cookie", "&#099;ookie", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "COOKIE", "&#067;OOKIE", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Cookie", "&#067;ookie", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "cookie", "&#067;ookie", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "form", "&#102;orm", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "FORM", "&#070;ORM", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Form", "&#070;orm", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "form", "&#070;orm", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "iframe", "i&#102;rame", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "IFRAME", "I&#070;RAME", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Iframe", "I&#102;rame", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "iframe", "i&#102;rame", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "textarea", "&#116;extarea", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "TEXTAREA", "&#84;EXTAREA", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Textarea", "&#84;extarea", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "textarea", "&#84;extarea", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "on", "&#111;n", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "ON", "&#079;N", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "On", "&#079;n", 1, -1, 0)