📄 functions_filters.asp
字号:
<%
'****************************************************************************************
'** Copyright Notice
'**
'** Web Wiz Guide - Web Wiz Forums
'**
'** Copyright 2001-2005 Bruce Corkhill All Rights Reserved.
'**
'** This program is free software; you can modify (at your own risk) any part of it
'** under the terms of the License that accompanies this software and use it both
'** privately and commercially.
'**
'** All copyright notices must remain in tacked in the scripts and the
'** outputted HTML.
'**
'** You may use parts of this program in your own private work, but you may NOT
'** redistribute, repackage, or sell the whole or any part of this program even
'** if it is modified or reverse engineered in whole or in part without express
'** permission from the author.
'**
'** You may not pass the whole or any part of this application off as your own work.
'**
'** All links to Web Wiz Guide and powered by logo's must remain unchanged and in place
'** and must remain visible when the pages are viewed unless permission is first granted
'** by the copyright holder.
'**
'** This program is distributed in the hope that it will be useful,
'** but WITHOUT ANY WARRANTY; without even the implied warranty of
'** MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR ANY OTHER
'** WARRANTIES WHETHER EXPRESSED OR IMPLIED.
'**
'** You should have received a copy of the License along with this program;
'** if not, write to:- Web Wiz Guide, PO Box 4982, Bournemouth, BH8 8XP, United Kingdom.
'**
'**
'** No official support is available for this program but you may post support questions at: -
'** http://www.webwizguide.info/forum
'**
'** Support questions are NOT answered by e-mail ever!
'**
'** For correspondence or non support questions contact: -
'** info@webwizguide.info
'**
'** or at: -
'**
'** Web Wiz Guide, PO Box 4982, Bournemouth, BH8 8XP, United Kingdom
'**
'****************************************************************************************
'**********************************************
'*** Check HTML input for malicious code *****
'**********************************************
'Check images function
Private Function checkHTML(ByVal strMessageInput)
Dim strTempHTMLMessage 'Temporary message store
Dim lngMessagePosition 'Holds the message position
Dim intHTMLTagLength 'Holds the length of the HTML tags
Dim strHTMLMessage 'Holds the HTML message
Dim strTempMessageInput 'Temp store for the message input
Dim lngLoopCounter 'Loop counter
'Include the array of disallowed HTML tags
%><!--#include file="disllowed_HTML_tags_inc.asp" --><%
'Strip scripting
strMessageInput = Replace(strMessageInput, "<script language=""javascript"">", "", 1, -1, 1)
strMessageInput = Replace(strMessageInput, "<script language=javascript>", "", 1, -1, 1)
strMessageInput = Replace(strMessageInput, "<script language=""vbscript"">", "", 1, -1, 1)
strMessageInput = Replace(strMessageInput, "<script language=vbscript>", "", 1, -1, 1)
strMessageInput = Replace(strMessageInput, "</script>", "", 1, -1, 1)
'Place the message input into a temp store
strTempMessageInput = strMessageInput
'Loop through each character in the post message
For lngMessagePosition = 1 to CLng(Len(strMessageInput))
'If this is the end of the message then save some process time and jump out the loop
If Mid(strMessageInput, lngMessagePosition, 1) = "" Then Exit For
'If an HTML tag is found then move to the end of it so that we can strip the HTML tag and check it for malicious code
If Mid(strMessageInput, lngMessagePosition, 1) = "<" Then
'Get the length of the HTML tag
intHTMLTagLength = (InStr(lngMessagePosition, strMessageInput, ">", 1) - lngMessagePosition)
'Place the HTML tag back into the temporary message store
strHTMLMessage = Mid(strMessageInput, lngMessagePosition, intHTMLTagLength + 1)
'Place the HTML tag into a temporay variable store to be stripped of malcious code
strTempHTMLMessage = strHTMLMessage
'***** Filter Hyperlinks *****
'If this is an hyperlink tag then check it for malicious code
If InStr(1, strTempHTMLMessage, "href", 1) <> 0 Then
'Turn < and > into forum codes so they aren't stripped when checking links
strTempHTMLMessage = Replace(strTempHTMLMessage, "<", "**/**", 1, -1, 1)
strTempHTMLMessage = Replace(strTempHTMLMessage, ">", "**\**", 1, -1, 1)
'Call the format link function to strip malicious codes
strTempHTMLMessage = formatLink(strTempHTMLMessage)
'Turn **/** and **\** back from forum codes
strTempHTMLMessage = Replace(strTempHTMLMessage, "**/**", "<", 1, -1, 1)
strTempHTMLMessage = Replace(strTempHTMLMessage, "**\**", ">", 1, -1, 1)
'Format link tag
strTempHTMLMessage = Replace(strTempHTMLMessage, ">", " target=""_blank"">", 1, -1, 1)
End If
'***** Filter Image Tags *****
'If this is an Image tag then check it for malicious code
If InStr(1, strTempHTMLMessage, "img", 1) <> 0 AND InStr(1, strTempHTMLMessage, "src", 1) <> 0 Then
'Turn < and > into forum codes so they aren't stripped when checking links
strTempHTMLMessage = Replace(strTempHTMLMessage, "<", "**/**", 1, -1, 1)
strTempHTMLMessage = Replace(strTempHTMLMessage, ">", "**\**", 1, -1, 1)
'Call the check images function to strip malicious codes
strTempHTMLMessage = checkImages(strTempHTMLMessage)
'Turn **/** and **\** back from forum codes
strTempHTMLMessage = Replace(strTempHTMLMessage, "**/**", "<", 1, -1, 1)
strTempHTMLMessage = Replace(strTempHTMLMessage, "**\**", ">", 1, -1, 1)
'Format image tag
strTempHTMLMessage = Replace(strTempHTMLMessage, ">", " border=""0"">", 1, -1, 1)
End If
'***** Filter Unwanted HTML Tags *****
'If this is not an image or a link then cut all unwanted HTML out of the HTML tag
If InStr(1, strTempHTMLMessage, "href", 1) = 0 AND InStr(1, strTempHTMLMessage, "img", 1) = 0 Then
'Loop through the array of disallowed HTML tags
For lngLoopCounter = LBound(saryHTMLtags) To UBound(saryHTMLtags)
strTempHTMLMessage = Replace(strTempHTMLMessage, saryHTMLtags(lngLoopCounter), "", 1, -1, 1)
Next
End If
'***** Format Unwanted HTML Tags *****
'Strip out malicious code from the HTML that may have not been stripped but trying to sneak through in a hyperlink or image src
strTempHTMLMessage = formatInput(strTempHTMLMessage)
'Place the new fromatted HTML tag back into the message post
strTempMessageInput = Replace(strTempMessageInput, strHTMLMessage, strTempHTMLMessage, 1, -1, 1)
End If
Next
'Return the function
checkHTML = strTempMessageInput
End Function
'******************************************
'*** Check Images for malicious code *****
'******************************************
'Check images function
Private Function checkImages(ByVal strInputEntry)
Dim strImageFileExtension 'Holds the file extension of the image
Dim saryImageTypes 'Array holding allowed image types in the forum
Dim intExtensionLoopCounter 'Holds the loop counter for the array
Dim blnImageExtOK 'Set to true if the image extension is OK
'If there is no . in the link then there is no extenison and so can't be an image
If inStr(1, strInputEntry, ".", 1) = 0 Then
strInputEntry = ""
'Else remove malicious code and check the extension is an image extension
Else
'Initiliase variables
blnImageExtOK = false
'Get the file extension
strImageFileExtension = LCase(Mid(strInputEntry, InStrRev(strInputEntry, "."), 4))
'Get the image types allowed in the forum
strImageTypes = strImageTypes & ";gif;jpg;jpe;bmp;png"
'Place the image types into an array
saryImageTypes = Split(Trim(strImageTypes), ";")
'Loop through all the allowed extensions and see if the image has one
For intExtensionLoopCounter = 0 To UBound(saryImageTypes)
'Reformat extension to check
saryImageTypes(intExtensionLoopCounter) = "." & Trim(Mid(saryImageTypes(intExtensionLoopCounter), 1, 3))
'Check to see if the image extension is allowed
If saryImageTypes(intExtensionLoopCounter) = strImageFileExtension Then blnImageExtOK = true
Next
'If the image extension is not OK then strip it from the image link
If blnImageExtOK = false Then strInputEntry = Replace(strInputEntry, strImageFileExtension, "", 1, -1, 1)
'Call the format link function to strip malicious codes
strInputEntry = formatLink(strInputEntry)
'Chop out any querystring question marks that maybe in the image link
strInputEntry = Replace(strInputEntry, "?", "", 1, -1, 1)
End If
'Return
checkImages = strInputEntry
End Function
'********************************************
'*** Format Links *****
'********************************************
'Format links funtion
Private Function formatLink(ByVal strInputEntry)
'Remove malisous charcters from links and images
strInputEntry = Replace(strInputEntry, "document.cookie", ".", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "javascript:", "javascript ", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "vbscript:", "vbscript ", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "javascript :", "javascript ", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "vbscript :", "vbscript ", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "[", "", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "]", "", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "(", "", 1, -1, 1)
strInputEntry = Replace(strInputEntry, ")", "", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "{", "", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "}", "", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "<", "", 1, -1, 1)
strInputEntry = Replace(strInputEntry, ">", "", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "|", "", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "script", "script", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "object", "object", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "applet", "applet", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "embed", "embed", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "document", "document", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "cookie", "cookie", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "event", "event", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "on", "on", 1, -1, 1)
'Return
formatLink = strInputEntry
End Function
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -