XSS攻击在最近很是流行,往往在某段代码里一不小心就会被人放上XSS攻击的代码,看到国外有人写上了函数,咱也偷偷懒,悄悄的贴上来... 原文如下: The goal of this function is to be a generic function that can be used to parse almost any input and render it XSS safe. For more information on actual XSS attacks, check out h…
参考链接: http://www.lanhusoft.com/Article/132.html 在core下,多少有些改动,其中js部分被注释掉了,如下: public static string FilterSql(string s) { if (string.IsNullOrEmpty(s)) return string.Empty; s = s.Trim().ToLower(); // s = ClearScript(s); s = s.Replace("=", "&q…