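/// <summary>
/// Strips HTML markup from a string and returns the remaining plain text:
/// script blocks, comments and tags are removed, then HTML entities are decoded.
/// </summary>
/// <remarks>
/// The result is plain text, not safe HTML. Before it is written into a page it
/// must be HTML-encoded again by the caller (for example with
/// <c>System.Net.WebUtility.HtmlEncode</c>); otherwise decoded entities such as
/// <c>&amp;lt;script&amp;gt;</c> would become live markup.
/// This method does not protect against SQL injection. The former keyword
/// blacklist (select, and, char, mid, ...) was removed: it corrupted ordinary
/// text ("Sandra" became "Sra") and a blacklist is not a substitute for
/// parameterized queries, which is where database input must be handled.
/// </remarks>
/// <param name="Htmlstring">Source text that may contain HTML, scripts and entities.</param>
/// <returns>The text with markup removed; an empty string when the input is null.</returns>
public static string NoHTML(string Htmlstring)
{
    if (Htmlstring == null)
    {
        return "";
    }

    // Singleline lets '.' span line breaks, so multi-line <script> blocks and
    // comments are removed whole instead of leaving their tail in the output.
    const RegexOptions opts = RegexOptions.IgnoreCase | RegexOptions.Singleline;

    // Script blocks, including their content.
    string text = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", opts);

    // Comments; an unterminated comment removes the rest of the input.
    text = Regex.Replace(text, @"<!--.*?-->", "", opts);
    text = Regex.Replace(text, @"<!--.*", "", opts);

    // Any remaining tag.
    text = Regex.Replace(text, @"<[^>]+>", "", opts);

    // Drop line breaks together with the whitespace that follows them
    // (same behaviour as the original, with the escape sequences restored).
    text = Regex.Replace(text, @"[\r\n]\s+", "");

    // Decode entities only after tags are gone, so decoded text is never
    // re-parsed as markup by this method. Covers the named and numeric
    // entities the hand-written replacement list handled, and the rest.
    return System.Net.WebUtility.HtmlDecode(text);
}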
原文地址:http://www.cnblogs.com/wangluochong/p/3747545.html