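''' <summary>
''' Heuristic request-validation helpers in the ASP.NET style.
''' These are blocklist checks for a handful of character patterns that commonly
''' open HTML markup, numeric entities or non-http URL schemes. They do not parse
''' HTML or URLs, decode nothing, and are not a substitute for context-aware
''' output encoding: a "not dangerous" answer means only "none of the patterns
''' below matched".
''' </summary>
Friend Class CrossSiteScriptingValidation

    ''' <summary>
    ''' True only for ASCII letters a-z / A-Z. Deliberately narrower than
    ''' Char.IsLetter: this is the class's definition of what may follow "&lt;"
    ''' to count as a tag start, so non-ASCII letters are not flagged.
    ''' </summary>
    Private Shared Function IsAtoZ(ByVal c As Char) As Boolean
        Dim isLower As Boolean = c >= "a"c AndAlso c <= "z"c
        Dim isUpper As Boolean = c >= "A"c AndAlso c <= "Z"c
        Return isLower OrElse isUpper
    End Function

    ''' <summary>
    ''' Case-insensitive ASCII prefix test. Each character is compared against the
    ''' exact ASCII lower- and upper-case form of the expected character instead of
    ''' using a culture or Unicode case folding, so look-alikes that Unicode folds
    ''' onto ASCII (e.g. U+017F long s, U+212A Kelvin sign) never satisfy the test.
    ''' </summary>
    ''' <param name="value">Text to inspect (must not be Nothing).</param>
    ''' <param name="asciiLowerPrefix">Expected prefix, given in ASCII lower case.</param>
    Private Shared Function HasAsciiPrefixIgnoreCase(ByVal value As String, ByVal asciiLowerPrefix As String) As Boolean
        If value.Length < asciiLowerPrefix.Length Then
            Return False
        End If
        For i As Integer = 0 To asciiLowerPrefix.Length - 1
            Dim want As Char = asciiLowerPrefix.Chars(i)
            Dim have As Char = value.Chars(i)
            ' ToUpperInvariant of an ASCII char is its ASCII upper-case form;
            ' non-letters (":") map to themselves.
            If have <> want AndAlso have <> Char.ToUpperInvariant(want) Then
                Return False
            End If
        Next
        Return True
    End Function

    ''' <summary>
    ''' Scans <paramref name="s"/> for the patterns this validator treats as
    ''' markup: "&lt;" immediately followed by an ASCII letter, "!" or "/"
    ''' (tag, comment / doctype, closing tag), and "&amp;#" (the start of a
    ''' decimal or hexadecimal character reference).
    ''' </summary>
    ''' <param name="s">Text to scan. Nothing is treated like an empty string
    ''' (not dangerous) rather than throwing, consistent with IsDangerousUrl.</param>
    ''' <param name="matchIndex">On return, the index of the last "&lt;" or "&amp;"
    ''' that was examined: the offending character when the result is True, otherwise
    ''' the last candidate that turned out harmless, or 0 if none was examined.</param>
    ''' <returns>True if one of the flagged patterns occurs anywhere in the text.</returns>
    ''' <remarks>
    ''' Limitations that follow directly from the patterns above, which callers must
    ''' not expect this method to cover: "&lt;" followed by "?", "%", whitespace, a
    ''' digit or a non-ASCII character is not flagged; named entities such as
    ''' "&amp;lt;" are not flagged; a trailing "&lt;" or "&amp;" is not flagged; and no
    ''' URL-, Unicode- or HTML-decoding is performed here, so any such decoding has
    ''' to happen before the text reaches this method.
    ''' </remarks>
    Friend Shared Function IsDangerousString(ByVal s As String, <Out> ByRef matchIndex As Integer) As Boolean
        matchIndex = 0
        If s Is Nothing Then
            Return False
        End If

        Dim searchFrom As Integer = 0
        Do
            Dim hit As Integer = s.IndexOfAny(startingChars, searchFrom)
            ' No further "<" or "&": nothing left that could open a pattern.
            If hit < 0 Then
                Return False
            End If
            ' A "<" or "&" in the last position has no following character to
            ' complete a pattern, so it is reported as harmless.
            If hit = s.Length - 1 Then
                Return False
            End If

            matchIndex = hit
            Dim nextChar As Char = s.Chars(hit + 1)
            Select Case s.Chars(hit)
                Case "<"c
                    If IsAtoZ(nextChar) OrElse nextChar = "!"c OrElse nextChar = "/"c Then
                        Return True
                    End If
                Case "&"c
                    If nextChar = "#"c Then
                        Return True
                    End If
            End Select

            ' This candidate was harmless; keep scanning after it.
            searchFrom = hit + 1
        Loop
    End Function

    ''' <summary>
    ''' Flags a URL whose scheme is anything other than http or https.
    ''' </summary>
    ''' <param name="s">Candidate URL. Leading and trailing whitespace is ignored.</param>
    ''' <returns>
    ''' False for Nothing or empty input, for values that start with "http:" or
    ''' "https:" (ASCII case-insensitive), and for values that contain no ":" at all
    ''' (taken to be relative URLs). True for every other value that contains a colon
    ''' anywhere, e.g. "javascript:", "vbscript:", "data:".
    ''' </returns>
    ''' <remarks>
    ''' The colon test is intentionally crude and does not parse the URL: a relative
    ''' URL that merely contains ":" in its path or query is rejected too, while a
    ''' value with no colon is accepted whatever else it contains. Only whitespace is
    ''' trimmed (String.Trim); control characters are left in place, but a scheme
    ''' hidden behind them still contains ":" and is still flagged. The prefix test
    ''' uses exact ASCII comparison so that Unicode look-alikes of "http"/"https"
    ''' do not bypass it.
    ''' </remarks>
    Friend Shared Function IsDangerousUrl(ByVal s As String) As Boolean
        If String.IsNullOrEmpty(s) Then
            Return False
        End If

        Dim url As String = s.Trim()
        ' http/https are the only schemes accepted outright.
        If HasAsciiPrefixIgnoreCase(url, "http:") OrElse HasAsciiPrefixIgnoreCase(url, "https:") Then
            Return False
        End If
        ' Anything else with a colon is presumed to carry a scheme we do not allow.
        Return url.IndexOf(":"c) <> -1
    End Function

    ''' <summary>
    ''' True when <paramref name="id"/> is Nothing or empty, or when
    ''' CodeGenerator.IsValidLanguageIndependentIdentifier (System.CodeDom.Compiler)
    ''' accepts it.
    ''' </summary>
    ''' <remarks>
    ''' An empty id is reported as valid, so callers that require a non-empty id
    ''' must check that themselves. The check is a generic identifier-syntax check,
    ''' not a JavaScript-grammar check; it presumably does not reject JavaScript
    ''' reserved words, so do not rely on it for that.
    ''' </remarks>
    Friend Shared Function IsValidJavascriptId(ByVal id As String) As Boolean
        If String.IsNullOrEmpty(id) Then
            Return True
        End If
        Return CodeGenerator.IsValidLanguageIndependentIdentifier(id)
    End Function

    ' The only two characters that can open one of the patterns IsDangerousString
    ' recognises ("<tag", "<!", "</", "&#").
    Private Shared ReadOnly startingChars As Char() = New Char() {"<"c, "&"c}

End Class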