Advanced ASP tutorials

Writing a function for ASP websites to defend against XSS attacks

Published 2016/11/5 in Website Building Tutorials
Lead: ASP websites make up a very large share of the internet, but their insecurity is also widely criticised. If you understand ASP deeply, none of this is really a problem.

XSS is a very typical way of attacking ASP programs. If our program is robust enough, XSS is only a paper tiger, and we can keep it out just the same.

XSS attacks

Today I wrote an ASP function specifically to guard against XSS attacks. The function code is below:

Function Safexss(ByVal ChkStr)
    Dim Str
    Str = ChkStr
    ' A Null value (for example a missing form field) is returned as an empty
    ' string. The original assigned to CheckStr here, which is not this
    ' function's name, so Null input would have returned Empty instead of "".
    If IsNull(Str) Then
        Safexss = ""
        Exit Function
    End If
    ' HTML-encode the characters that can open or close markup or an attribute.
    ' "&" must be handled first so the entities added below are not re-encoded.
    Str = Replace(Str, "&", "&amp;")
    Str = Replace(Str, "'", "&#180;")
    Str = Replace(Str, """", "&quot;")
    Str = Replace(Str, "<", "&lt;")
    Str = Replace(Str, ">", "&gt;")
    Str = Replace(Str, "/", "&#47;")
    Str = Replace(Str, "*", "&#42;")
    ' Break up SQL and script keywords by rewriting one letter as a numeric
    ' entity: the stored text no longer contains the literal keyword, but a
    ' browser still displays it unchanged. $1 keeps the first group as typed.
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    re.Global = True
    re.Pattern = "(w)(here)"
    Str = re.Replace(Str, "$1&#104;ere")
    re.Pattern = "(s)(elect)"
    Str = re.Replace(Str, "$1&#101;lect")
    re.Pattern = "(i)(nsert)"
    Str = re.Replace(Str, "$1&#110;sert")
    re.Pattern = "(c)(reate)"
    Str = re.Replace(Str, "$1&#114;eate")
    re.Pattern = "(d)(rop)"
    Str = re.Replace(Str, "$1&#114;op")
    re.Pattern = "(a)(lter)"
    Str = re.Replace(Str, "$1&#108;ter")
    re.Pattern = "(d)(elete)"
    Str = re.Replace(Str, "$1&#101;lete")
    re.Pattern = "(u)(pdate)"
    Str = re.Replace(Str, "$1&#112;date")
    re.Pattern = "(\s)(or)"
    Str = re.Replace(Str, "$1&#111;r")
    ' The original also had a rule for (\n) whose replacement was copied from
    ' the rule above; it would have appended "or" after every newline, so it
    ' is omitted here.
    '----------------------------------
    re.Pattern = "(java)(script)"
    Str = re.Replace(Str, "$1&#115;cript")
    re.Pattern = "(j)(script)"
    Str = re.Replace(Str, "$1&#115;cript")
    re.Pattern = "(vb)(script)"
    Str = re.Replace(Str, "$1&#115;cript")
    '----------------------------------
    ' Prevent XSS via CSS expression(): split the keyword with a soft hyphen
    ' (&#173;), which is invisible when rendered. Compare mode 0 is binary.
    If InStr(Str, "expression") > 0 Then
        Str = Replace(Str, "expression", "e&#173;xpression", 1, -1, 0)
    End If
    Set re = Nothing
    Safexss = Str
End Function

How to use the Safexss function to defend against XSS attacks

Usage: Safexss(request.QueryString("变量")), or Safexss(request.form("表单名"))
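As an added example (not code from the original post), here is the Safexss() transform ported to Python so its behaviour can be checked offline; the sample inputs are constructed here. It makes three properties visible that the ASP listing does not: the apostrophe is displayed as an acute accent, the keyword rules change the case of what is displayed, and applying the filter twice double-encodes "&", so it should be called once, at output time.

```python
import html
import re

# Character substitutions, in the page's order. "&" is first so that the
# entities produced by the later rules are not themselves re-encoded.
CHAR_RULES = [
    ("&", "&amp;"), ("'", "&#180;"), ('"', "&quot;"), ("<", "&lt;"),
    (">", "&gt;"), ("/", "&#47;"), ("*", "&#42;"),
]

# Keyword rules: group 1 is kept as typed and the first letter of group 2
# becomes a numeric entity, so the literal keyword is gone from the stored
# string while a browser still renders it as ordinary text.
KEYWORD_RULES = [
    (r"(w)(here)", r"\1&#104;ere"), (r"(s)(elect)", r"\1&#101;lect"),
    (r"(i)(nsert)", r"\1&#110;sert"), (r"(c)(reate)", r"\1&#114;eate"),
    (r"(d)(rop)", r"\1&#114;op"), (r"(a)(lter)", r"\1&#108;ter"),
    (r"(d)(elete)", r"\1&#101;lete"), (r"(u)(pdate)", r"\1&#112;date"),
    (r"(\s)(or)", r"\1&#111;r"), (r"(java)(script)", r"\1&#115;cript"),
    (r"(j)(script)", r"\1&#115;cript"), (r"(vb)(script)", r"\1&#115;cript"),
]


def safexss(value):
    """Python port of Safexss(): Null (None) -> "", then the rules above."""
    if value is None:
        return ""
    text = value
    for raw, entity in CHAR_RULES:
        text = text.replace(raw, entity)
    for pattern, repl in KEYWORD_RULES:
        text = re.sub(pattern, repl, text, flags=re.IGNORECASE)
    # Soft hyphen (&#173;) splits "expression" (old IE CSS expression()).
    return text.replace("expression", "e&#173;xpression")


def rendered(encoded):
    """Text a browser shows once the entities are decoded in an HTML text node."""
    return html.unescape(encoded)


if __name__ == "__main__":
    samples = [None, '<script>alert("x")</script>', "it's",
               "SELECT * FROM t WHERE id=1 OR 1=1", "<b>"]
    for sample in samples:
        once = safexss(sample)
        # Filtering twice double-encodes "&": encode once, at output time.
        print(repr(sample), "->", repr(once), "| twice:", repr(safexss(once)),
              "| shown:", repr(rendered(once)))
```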

Further reading: security of ASP programs
