下面是兩個過濾的方法?

/// <summary>/// 此處過濾危險HTML方法/// </summary>/// <param name="html">html</param>/// <returns></returns>private string FilterHTML(string html){if (html == null)return "";//過濾 scriptRegex regex_script1 = new Regex("(<script[//s//S]*?///script//s*>)", RegexOptions.IgnoreCase);Regex regex_script2 = new Regex("(<(script[//s//S]*?)>)", RegexOptions.IgnoreCase);html = regex_script1.Replace(html, "");html = regex_script1.Replace(html, "");//過濾 <iframe> 標簽Regex regex_iframe1 = new Regex("(<iframe [//s//S]+<iframe//s*>)", RegexOptions.IgnoreCase);Regex regex_iframe2 = new Regex("(<(iframe [//s//S]*?)>)", RegexOptions.IgnoreCase);html = regex_iframe1.Replace(html, "");html = regex_iframe2.Replace(html, "");//過濾 <frameset> 標簽Regex regex_frameset1 = new Regex("(<frameset [//s//S]+<frameset //s*>)", RegexOptions.IgnoreCase);Regex regex_frameset2 = new Regex("(<(frameset [//s//S]*?)>)", RegexOptions.IgnoreCase);html = regex_frameset1.Replace(html, "");html = regex_frameset2.Replace(html, "");//過濾 <frame> 標簽Regex regex_frame1 = new Regex("(<frame[//s//S]+<frame //s*>)", RegexOptions.IgnoreCase);Regex regex_frame2 = new Regex("(<(frame[//s//S]*?)>)", RegexOptions.IgnoreCase);html = regex_frame1.Replace(html, "");html = regex_frame2.Replace(html, "");//過濾 <form> 標簽Regex regex_form1 = new Regex("(<(form [//s//S]*?)>)", RegexOptions.IgnoreCase);Regex regex_form2 = new Regex("(<(/form[//s//S]*?)>)", RegexOptions.IgnoreCase);html = regex_form1.Replace(html, "");html = regex_form2.Replace(html, "");//過濾 on: 的事件//過濾on 帶單引號的 過濾on 帶雙引號的 過濾on 不帶有引號的string regOn = @"<[//s//S]+ (on)[a-zA-Z]{4,20} *= *[//S ]{3,}>";string regOn2 = @"((on)[a-zA-Z]{4,20} *= *'[^']{3,}')|((on)[a-zA-Z]{4,20} *= */""[^/""]{3,}/"")|((on)[a-zA-Z]{4,20} *= *[^>/ ]{3,})";html = GetReplace(html, regOn, regOn2, "");//過濾 javascript: 的事件regOn = @"<[//s//S]+ (href|src|background|url|dynsrc|expression|codebase) *= *[ /""/']? *(javascript:)[//S]{1,}>";regOn2 = @"(' *(javascript|vbscript):([//S^'])*')|(/"" *(javascript|vbscript):[//S^/""]*/"")|([^=]*(javascript|vbscript):[^/> ]*)";html = GetReplace(html, regOn, regOn2, "");return html;}/// <summary>/// 正則雙重過濾/// </summary>/// <param name="content"></param>/// <param name="splitKey1"></param>/// <param name="splitKey2"></param>/// <param name="newChars"></param>/// <returns></returns>private string GetReplace(string content, string splitKey1, string splitKey2, string newChars){//splitKey1 第一個正則式匹配//splitKey2 匹配結果中再次匹配進行替換if (splitKey1 != null && splitKey1 != "" && splitKey2 != null && splitKey2 != ""){Regex rg = new Regex(splitKey1);System.Text.RegularExpressions.MatchCollection mc = rg.Matches(content);foreach (System.Text.RegularExpressions.Match mc1 in mc){string oldChar = mc1.ToString();string newChar = new Regex(splitKey2, RegexOptions.IgnoreCase).Replace(oldChar, newChars);content = content.Replace(oldChar, newChar);}return content;}else{if (splitKey2 != null && splitKey2 != ""){Regex rg = new Regex(splitKey2, RegexOptions.IgnoreCase);return rg.Replace(content, newChars);}}return content;}

使用的時候

?

this.content.InnerHtml = FilterHTML(studentQuestionInfo.Description);

?

轉載于:https://www.cnblogs.com/maijin/p/3396373.html

總結

以上是生活随笔為你收集整理的C# 正则表达式过滤危险HTML的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。