regEx.Pattern = "off(mousewheel\s*=\s*""*'*return\s*bbimg\(this\)'*""*)"
strInput = regEx.Replace(strInput, "on$1")
' 替换javascript
regEx.Pattern = "([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`'""]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:"
strInput = regEx.Replace(strInput, "$1=$2nojavascript...")
' 替换vbscript
regEx.Pattern = "([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`'""]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:"
strInput = regEx.Replace(strInput, "$1=$2novbscript...")
'替换style中的注释部分,比如:<div style="xss:expres/*comment*/sion(alert(x))">
regEx.Pattern = "(<[^>]+style[\x00-\x20]*=[\x00-\x20]*[^>]*?)/\*[^>]*\*/([^>]*>)"
strInput = regEx.Replace(strInput, "$1$2")
' 替换expression
regEx.Pattern = "(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([`'""]*).*[eeE][xxX][ppP][rrR][eeE][ssS][ssS][iiI][ooO][nnN][\x00-\x20]*[\(\(][^>]*>"
strInput = regEx.Replace(strInput, "$1>")
' 替换behaviour
regEx.Pattern = "(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([`'""]*).*behaviour[^>]*>>"
strInput = regEx.Replace(strInput, "$1>")
' 替换behavior
regEx.Pattern = "(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([`'""]*).*behavior[^>]*>>"
strInput = regEx.Replace(strInput, "$1>")
' 替换script
regEx.Pattern = "(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([`'""]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>"
strInput = regEx.Replace(strInput, "$1>")
' 替换namespaced elements 不需要
regEx.Pattern = "</*\w+:\w[^>]*>"
strInput = regEx.Replace(strInput, " ")
Dim oldhtmlString
oldhtmlString = ""
Do While oldhtmlString <> strInput
oldhtmlString = strInput
'实行严格过滤
regEx.Pattern = "</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>?"
strInput = regEx.Replace(strInput, " ")
'过滤掉SHTML的Include包含文件漏洞
regEx.Pattern = "<!--\s*#include[^>]*>"
strInput = regEx.Replace(strInput, "noshtml")
'If FilterLevel > 0 Then
' '实行严格过滤
' RegEx.Pattern = "</*(embed|object)[^>]*>"
' strInput = RegEx.Replace(strInput, "")
'End If
Loop
FilterJS = strInput
End Function
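' Remove every element equal to str2 from the strSplit-delimited list str1.
' Returns "" for a Null/empty str1 and str1 unchanged for a Null/empty str2.
' When str1 holds a single element it is dropped only if it equals str2.
Private Function RemoveStr(str1, str2, strSplit)
  If IsNull(str1) Or str1 = "" Then
    RemoveStr = ""
    Exit Function
  End If
  If IsNull(str2) Or str2 = "" Then
    RemoveStr = str1
    Exit Function
  End If
  If InStr(str1, strSplit) = 0 Then
    If str1 = str2 Then
      RemoveStr = ""
    Else
      RemoveStr = str1
    End If
    Exit Function
  End If
  Dim parts, kept, k
  ' explicit "" so a list whose every element is removed returns a string, not Empty
  kept = ""
  parts = Split(str1, strSplit)
  For k = 0 To UBound(parts)
    If parts(k) <> str2 Then
      ' a leading empty element is absorbed, as before: the first kept
      ' non-empty element starts the list without a separator
      If kept = "" Then
        kept = parts(k)
      Else
        kept = kept & strSplit & parts(k)
      End If
    End If
  Next
  RemoveStr = kept
End Function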
' Append str2 to the strSplit-delimited list str1 unless it is already an element.
' A Null/empty str2 leaves str1 untouched; a Null/empty str1 yields str2 alone.
Private Function AppendStr(str1, str2, strSplit)
  If IsNull(str2) Or str2 = "" Then
    AppendStr = str1
    Exit Function
  End If
  If IsNull(str1) Or str1 = "" Then
    AppendStr = str2
    Exit Function
  End If
  Dim alreadyPresent, element
  alreadyPresent = False
  If InStr(str1, strSplit) > 0 Then
    For Each element In Split(str1, strSplit)
      If element = str2 Then
        alreadyPresent = True
        Exit For
      End If
    Next
  ElseIf str1 = str2 Then
    ' single-element list that is exactly str2
    alreadyPresent = True
  End If
  If alreadyPresent Then
    AppendStr = str1
  Else
    AppendStr = str1 & strSplit & str2
  End If
End Function
' CSS display value for a conditionally shown element:
' "" (visible) when the two values compare equal, "none" otherwise.
Private Function StyleDisplay(Compare1, Compare2)
  StyleDisplay = "none"
  If Compare1 = Compare2 Then StyleDisplay = ""
End Function
' Attribute text for a radio button: " checked" (leading space included so it
' can be concatenated straight into a tag) when the values compare equal, else "".
Private Function IsRadioChecked(Compare1, Compare2)
  IsRadioChecked = ""
  If Compare1 = Compare2 Then IsRadioChecked = " checked"
End Function
' Attribute text for an <option>: " selected" (leading space included) when the
' values compare equal, else "".
Private Function IsOptionSelected(Compare1, Compare2)
  IsOptionSelected = ""
  If Compare1 = Compare2 Then IsOptionSelected = " selected"
End Function
' Escape str for embedding in a JavaScript string literal: the backslash, both
' quote characters, CR and LF are backslash-escaped. Empty input is returned as-is.
' NOTE(review): Chr(13) is mapped to "\n" and Chr(10) to "\r" (CR and LF are
' swapped relative to the usual escapes); the result still reads as a line break
' in JS - confirm this is intentional before changing it.
' NOTE(review): in this listing the first Replace and the last two look damaged:
' replacing "'" with "'" is a no-op, and the final argument is an unterminated
' string literal. The published copy appears to have had HTML entities decoded
' inside these arguments - confirm against the original source before relying
' on this block.
Private Function FixJs(str)
If str <> "" Then
str = Replace(str, "'", "'")
str = Replace(str, "\", "\\")
str = Replace(str, Chr(34), "\""")
str = Replace(str, Chr(39), "\'")
str = Replace(str, Chr(13), "\n")
str = Replace(str, Chr(10), "\r")
str = Replace(str, "'", "'")
str = Replace(str, """", """)
End If
FixJs = str
End Function
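' Escape str for use inside a JavaScript string literal.
' The backslash is escaped first so the escapes added afterwards are not
' doubled; without it an input ending in \ followed by a quote would produce
' \\" and terminate the literal early. CR and LF map to \r and \n. "</" becomes
' "<\/" so a "</script>" inside the text cannot close the surrounding script
' block (JS decodes \/ back to /, so the runtime value is unchanged).
' Null input falls through the If and is returned as Null, as before.
Private Function Html2Js(str)
  If str <> "" Then
    str = Replace(str, "\", "\\")
    str = Replace(str, Chr(34), "\""")
    str = Replace(str, Chr(39), "\'")
    str = Replace(str, Chr(13), "\r")
    str = Replace(str, Chr(10), "\n")
    str = Replace(str, "</", "<\/")
  End If
  Html2Js = str
End Function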
'==================================================
'函数名:ScriptHtml
'作 用:过滤html标记
'参 数:iConStr ------ 要过滤的字符串
'参 数:TagName ------ 字符串种型
'参 数:FType ------ 过滤的类型
'==================================================
' Strip TagName markup from iConStr using the module-level regEx object:
'   FType 1 - opening tags only
'   FType 2 - opening tag through the matching closing tag, content included
'   FType 3 - opening and closing tags, content kept
' Any other FType returns the input unchanged.
' NOTE(review): regEx.Global and regEx.IgnoreCase are configured outside this
' block, so whether every occurrence / mixed-case tag is matched depends on them.
Function ScriptHtml(ByVal iConStr, TagName, FType)
  Dim openTag, closeTag, result
  openTag = "<" & TagName & "([^>])*>"
  closeTag = "</" & TagName & "([^>])*>"
  result = iConStr
  If FType = 1 Then
    regEx.Pattern = openTag
    result = regEx.Replace(result, "")
  ElseIf FType = 2 Then
    ' lazy [\s\S]*? stops at the first closing tag, newlines included
    regEx.Pattern = openTag & "[\s\S]*?" & closeTag
    result = regEx.Replace(result, "")
  ElseIf FType = 3 Then
    regEx.Pattern = openTag
    result = regEx.Replace(result, "")
    regEx.Pattern = closeTag
    result = regEx.Replace(result, "")
  End If
  ScriptHtml = result
End Function
'==================================================
'过程名:FilterScript
'作 用:脚本过滤
'==================================================
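'==================================================
' FilterScript: strip the HTML constructs selected by iScript from iContent.
' iScript is a "|"-separated list of 13 flags (each read through PE_CBool), in order:
'   0 iframe  1 object  2 script  3 style        - tag and its content removed
'   4 div  5 table+tbody  6 tr  7 td  8 span  10 font  11 a - tags removed, content kept
'   9 img                                        - opening tags removed
'   12                                           - remaining HTML removed via nohtml
' A Null iContent leaves the result unassigned (Empty); a Null iScript is
' rewritten to all-off (the caller's variable is updated, as before). Flags
' missing from a short iScript are treated as off instead of raising a
' subscript-out-of-range error.
'==================================================
Function FilterScript(ByVal iContent, iScript)
  If IsNull(iContent) = True Then Exit Function
  If IsNull(iScript) = True Then
    iScript = "0|0|0|0|0|0|0|0|0|0|0|0|0"
  End If
  Dim flags, Content
  flags = Split(iScript, "|")
  Content = iContent
  If FlagIsOn(flags, 0) Then Content = ScriptHtml(Content, "Iframe", 2)
  If FlagIsOn(flags, 1) Then Content = ScriptHtml(Content, "Object", 2)
  If FlagIsOn(flags, 2) Then Content = ScriptHtml(Content, "Script", 2)
  If FlagIsOn(flags, 3) Then Content = ScriptHtml(Content, "Style", 2)
  If FlagIsOn(flags, 4) Then Content = ScriptHtml(Content, "Div", 3)
  If FlagIsOn(flags, 5) Then
    Content = ScriptHtml(Content, "Table", 3)
    Content = ScriptHtml(Content, "Tbody", 3)
  End If
  If FlagIsOn(flags, 6) Then Content = ScriptHtml(Content, "Tr", 3)
  If FlagIsOn(flags, 7) Then Content = ScriptHtml(Content, "Td", 3)
  If FlagIsOn(flags, 8) Then Content = ScriptHtml(Content, "Span", 3)
  If FlagIsOn(flags, 9) Then Content = ScriptHtml(Content, "Img", 1)
  If FlagIsOn(flags, 10) Then Content = ScriptHtml(Content, "Font", 3)
  If FlagIsOn(flags, 11) Then Content = ScriptHtml(Content, "A", 3)
  If FlagIsOn(flags, 12) Then Content = nohtml(Content)
  FilterScript = Content
End Function
' True when flags(idx) exists and PE_CBool reports it as set; an index past
' the end of the array counts as off.
Private Function FlagIsOn(flags, idx)
  If idx > UBound(flags) Then
    FlagIsOn = False
  Else
    FlagIsOn = (PE_CBool(flags(idx)) = True)
  End If
End Function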
'**************************************************
'函数名:ZeroToEmpty
'作 用:判断字符串是否等于"0",如果是将字符串置为空,用于JS生成处理
'参 数:str ---- 待处理的字符串
'**************************************************
'**************************************************
' ZeroToEmpty: map the string "0" to "" so generated JS omits a zero value;
' any other value (Null included) is passed through unchanged.
'**************************************************
Function ZeroToEmpty(str)
  ZeroToEmpty = str
  If str = "0" Then ZeroToEmpty = ""
End Function
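' Decode a URL-encoded string: "+" -> space, "%xx" -> the character with code
' xx, and for codes >= 128 two consecutive escapes (or an escape followed by a
' literal byte) -> one double-byte character, with isvalidhex deciding which
' form applies. An escape that is not followed by two hex digits is copied
' through literally instead of raising an error.
' The hex digits are converted with CLng("&H..") rather than eval, so no text
' taken from enStr is ever evaluated as script.
Function URLDecode(enStr)
  Dim deStr, c, i, v, hexPair
  deStr = ""
  i = 1
  ' Do While instead of For because the index is advanced past consumed escapes
  Do While i <= Len(enStr)
    c = Mid(enStr, i, 1)
    If c = "%" Then
      hexPair = Mid(enStr, i + 1, 2)
      If Not IsHexPair(hexPair) Then
        deStr = deStr & c
      Else
        v = CLng("&H" & hexPair)
        If v < 128 Then
          deStr = deStr & Chr(v)
          i = i + 2
        ElseIf isvalidhex(Mid(enStr, i, 3)) Then
          If isvalidhex(Mid(enStr, i + 3, 3)) Then
            ' two escapes form one double-byte character
            v = CLng("&H" & hexPair & Mid(enStr, i + 4, 2))
            deStr = deStr & Chr(v)
            i = i + 5
          Else
            ' escaped lead byte followed by a literal trail byte
            v = CLng("&H" & hexPair & CStr(Hex(Asc(Mid(enStr, i + 3, 1)))))
            deStr = deStr & Chr(v)
            i = i + 3
          End If
        Else
          deStr = deStr & c
        End If
      End If
    ElseIf c = "+" Then
      deStr = deStr & " "
    Else
      deStr = deStr & c
    End If
    i = i + 1
  Loop
  URLDecode = deStr
End Function
' True when s is exactly two hexadecimal digits (either case).
Private Function IsHexPair(s)
  Dim k
  IsHexPair = False
  If Len(s) <> 2 Then Exit Function
  For k = 1 To 2
    If InStr("0123456789ABCDEFabcdef", Mid(s, k, 1)) = 0 Then Exit Function
  Next
  IsHexPair = True
End Function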
' True when strng is a dotted-quad IPv4 address whose four octets are each in
' 0-255 (leading zeros such as "01" are accepted). Uses the module-level regEx.
Function isIP(strng)
  Dim octet
  octet = "(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])"
  regEx.Pattern = "^" & octet & "\." & octet & "\." & octet & "\." & octet & "$"
  isIP = regEx.Test(strng)
End Function
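' Encode a dotted-quad IPv4 string as the number a*2^24 + b*2^16 + c*2^8 + d - 1
' (the inverse of DecodeIP). Returns 0 when sip has fewer than four parts or
' any of the first four parts is not an integer in 0-255; previously only
' IsNumeric was checked, so values like "999" or "1.5" produced encodings
' DecodeIP could not reverse. The first term is computed as Double because
' a*2^24 exceeds the Long range once a > 127.
Function EncodeIP(sip)
  Dim parts, k
  ' "" & sip turns a Null into "" (Split would otherwise fail on Null)
  parts = Split("" & sip, ".")
  If UBound(parts) < 3 Then
    EncodeIP = 0
    Exit Function
  End If
  For k = 0 To 3
    If Not IsOctet(parts(k)) Then
      EncodeIP = 0
      Exit Function
    End If
  Next
  EncodeIP = CDbl(parts(0)) * 256 * 256 * 256 + CLng(parts(1)) * 256 * 256 + CLng(parts(2)) * 256 + CLng(parts(3)) - 1
End Function
' True when s is one to three decimal digits whose value is at most 255.
Private Function IsOctet(s)
  Dim k
  IsOctet = False
  If Len(s) < 1 Or Len(s) > 3 Then Exit Function
  For k = 1 To Len(s)
    If InStr("0123456789", Mid(s, k, 1)) = 0 Then Exit Function
  Next
  IsOctet = (CLng(s) <= 255)
End Function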
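' Decode a number produced by EncodeIP back to dotted-quad form: the value
' plus one is split into four base-256 digits, most significant first.
' sip is taken ByVal: the previous version incremented the caller's variable
' because VBScript passes arguments by reference by default.
' Arithmetic stays in floating point (Int of a division) because the value
' may exceed the Long range, where Mod and \ would overflow.
Function DecodeIP(ByVal sip)
  Dim n, s1, s2, s3, s4
  n = sip + 1
  s1 = Int(n / 16777216)
  n = n - s1 * 16777216
  s2 = Int(n / 65536)
  n = n - s2 * 65536
  s3 = Int(n / 256)
  s4 = n - s3 * 256
  DecodeIP = CStr(s1) & "." & CStr(s2) & "." & CStr(s3) & "." & CStr(s4)
End Function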
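' Return strContent unchanged when Inputer names an existing admin account in
' PE_Admin, otherwise pass it through FilterJS. Admin-authored content is
' therefore trusted as-is; that decision lives with the callers of this function.
' Inputer is interpolated into a SQL string, so any single quote in it is doubled
' first: an unescaped quote would let Inputer rewrite the WHERE clause, return a
' row for a non-admin, and skip FilterJS for that content.
Function FilterBadTag(strContent, Inputer)
  Dim safeInputer, rsAdmin
  ' "" & Inputer maps Null to "" so Replace never receives Null
  safeInputer = Replace("" & Inputer, "'", "''")
  Set rsAdmin = Conn.Execute("select AdminName from PE_Admin where UserName='" & safeInputer & "'")
  If rsAdmin.BOF And rsAdmin.EOF Then
    FilterBadTag = FilterJS(strContent)
  Else
    FilterBadTag = strContent
  End If
  rsAdmin.Close
  Set rsAdmin = Nothing
End Function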
%>