20
Nov 04

Filtering script attacks

People often attack websites by injecting scripts. The approach below lets us avoid some of these attacks.

<cfscript>

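// Rewrites script-related keywords so the first character becomes an HTML
// character reference. "##" is CFML's escape for a literal "#".
// The "all" scope replaces every occurrence, not only the first one, and the
// trailing ";" ends each reference so a following digit cannot be absorbed into it.
function clearJS(text){
	text = REReplaceNoCase(text,"(javascript)","&##106;avascript","all");
	text = REReplaceNoCase(text,"(jscript:)","&##106;script:","all");
	text = REReplaceNoCase(text,"(js:)","&##106;s:","all");
	text = REReplaceNoCase(text,"(value)","&##118;alue","all");
	text = REReplaceNoCase(text,"(about:)","about&##58;","all");
	text = REReplaceNoCase(text,"(file:)","file&##58;","all");
	text = REReplaceNoCase(text,"(vbscript:)","&##118;bscript:","all");
	text = REReplaceNoCase(text,"(vbs:)","&##118;bs:","all");
	text = REReplaceNoCase(text,"(document.cookie)","documents&##46;cookie","all");
	// \2 is the inner group: the event name that follows "on"
	text = REReplaceNoCase(text,"(on(mouse|exit|error|click|key|load))","&##111;n\2","all");
	return(text);
}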

</cfscript>

Just call clearjs("text").
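
An added example, not part of the original post: clearJS rewrites known-bad keywords and leaves ordinary markup such as a `<script>` tag untouched, so it is normally paired with encoding at output time and an allowlist of URL schemes (the counterpart of rewriting `javascript:`, `vbscript:`, `file:` and `about:`). The sketch assumes ColdFusion 10+ or Lucee, where `encodeForHTML()` and `encodeForHTMLAttribute()` are built in; `safeHref`, `renderComment` and the sample values are hypothetical names and constructed data.

```cfml
<cfscript>
// Added example, not the original author's code.
// Assumes ColdFusion 10+ or Lucee (encodeForHTML / encodeForHTMLAttribute).

// Hypothetical helper: accept only known-good link targets instead of
// rewriting known-bad schemes one by one.
function safeHref(required string target) {
	var u = trim(arguments.target);
	// Absolute http(s) or mailto links, or a site-relative path that starts
	// with exactly one "/" (so "//host" and "/\host" are rejected).
	if (REFindNoCase("^(https?://|mailto:)", u) OR REFind("^/([^/\\]|$)", u)) {
		// Attribute context: the value is placed inside href="...".
		return encodeForHTMLAttribute(u);
	}
	// Anything else becomes an inert link ("##" is a literal "#").
	return "##";
}

// Hypothetical helper: builds the HTML for one user comment.
function renderComment(required string author, required string link, required string body) {
	// Element-content context: author and body are placed between tags.
	return '<p><a href="' & safeHref(arguments.link) & '">'
		& encodeForHTML(arguments.author) & '</a>: '
		& encodeForHTML(arguments.body) & '</p>';
}

// Constructed sample values: an ordinary link, then a link with a script scheme
// and a body that contains markup.
writeOutput(renderComment("Li Wei", "https://example.com/?a=1&b=2", "5 < 6, see the value list"));
writeOutput(renderComment("guest", "javascript:void(0)", "<b>bold?</b>"));
</cfscript>
```

Encoding is applied where the value is written into the page, so the stored text stays unchanged and can be encoded differently for other output contexts.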