does set unchanging expressions entirely strengthen opposing querulous site scripting?


what's an instance something dangerous reason formula below?



edit: after comments i total another line, commented below. vinko's critique david grant's answer. distant wholly vinko answered question, asks specific examples trip by function. vinko presumption one, nonetheless i've edited formula tie hole. another cruise another specific example, you'll have vote!



public stationary twine strip_dangerous_tags(string text_with_tags)
{
    twine s = regex.replace(text_with_tags, @"<script", "<scrsafeipt", regexoptions.ignorecase);
    s = regex.replace(s, @"</script", "</scrsafeipt", regexoptions.ignorecase);
    s = regex.replace(s, @"<object", "</objsafect", regexoptions.ignorecase);
    s = regex.replace(s, @"</object", "</obsafect", regexoptions.ignorecase);
    // total after doubt posted
    s = regex.replace(s, @"javascript", "javasafescript", regexoptions.ignorecase);

    s = regex.replace(s, @"onabort", "onsafeabort", regexoptions.ignorecase);
    s = regex.replace(s, @"onblur", "onsafeblur", regexoptions.ignorecase);
    s = regex.replace(s, @"onchange", "onsafechange", regexoptions.ignorecase);
    s = regex.replace(s, @"onclick", "onsafeclick", regexoptions.ignorecase);
    s = regex.replace(s, @"ondblclick", "onsafedblclick", regexoptions.ignorecase);
    s = regex.replace(s, @"onerror", "onsafeerror", regexoptions.ignorecase);
    s = regex.replace(s, @"onfocus", "onsafefocus", regexoptions.ignorecase);

    s = regex.replace(s, @"onkeydown", "onsafekeydown", regexoptions.ignorecase);
    s = regex.replace(s, @"onkeypress", "onsafekeypress", regexoptions.ignorecase);
    s = regex.replace(s, @"onkeyup", "onsafekeyup", regexoptions.ignorecase);

    s = regex.replace(s, @"onload", "onsafeload", regexoptions.ignorecase);

    s = regex.replace(s, @"onmousedown", "onsafemousedown", regexoptions.ignorecase);
    s = regex.replace(s, @"onmousemove", "onsafemousemove", regexoptions.ignorecase);
    s = regex.replace(s, @"onmouseout", "onsafemouseout", regexoptions.ignorecase);
    s = regex.replace(s, @"onmouseup", "onsafemouseup", regexoptions.ignorecase);
    s = regex.replace(s, @"onmouseup", "onsafemouseup", regexoptions.ignorecase);

    s = regex.replace(s, @"onreset", "onsaferesetk", regexoptions.ignorecase);
    s = regex.replace(s, @"onresize", "onsaferesize", regexoptions.ignorecase);
    s = regex.replace(s, @"onselect", "onsafeselect", regexoptions.ignorecase);
    s = regex.replace(s, @"onsubmit", "onsafesubmit", regexoptions.ignorecase);
    s = regex.replace(s, @"onunload", "onsafeunload", regexoptions.ignorecase);

    relapse s;
}


Comments

Post a Comment

Popular posts from this blog

why does floated <input> control floated component slip over too distant right ie7, nonetheless firefox?

Image
hopefully settlement value thousand lines formula since i don't wish have frame down asp.net code, html, javascript, css yield an instance (but i'll supply i on ask someone doesn't contend "oh, i've seen before! try this...") [actually, i post formula css - bottom question]. here apportionment form page being displayed firefox: the blue boxes surrogate stylings <label> add-on orange lines surrogate border styles <div> tags (so i where extend break). <label> 's styled float: left <div 's right. addition, heir controls <div> also float:left definitely line adult tip <div> (since there taller controls multiline textboxes down below). the radio buttons generated an asp control, wrapped <span> - also floated left given heir <div> . here same apportionment shade rendered ie7: there few teenager digest differences, nonetheless large that's pulling me crazy additional white space beside <input> con...
Read more

grails record upload problems

i'm perplexing heed record upload formula grails website, i'm controlling problems. i'm controlling same formula found . here code: <g:form action="upload" method="post" enctype="multipart/form-data"> <input type="file" name="myfile" /> <input type="submit" value="upload" /> </g:form> and def upload = { def f = request.getfile('myfile') if(!f.empty) { flash.message = 'success' } else { flash.message = 'file can't empty' } } i'm receiving following blunder during runtime: message: signature method: org.mortbay.jetty.request.getfile() convenient justification types: (java.lang.string) values: {"myfile"} caused by: groovy.lang.missingmethodexception: signature method: org.mortbay.jetty.request.getfile() convenient justification types: (java.lang.string) values: {"myfile"} ...
Read more

how i emanate permitted url asp.net mvc?

how i beget permitted urls within asp.net mvc framework? example, we've got url looks this: http://site/catalogue/browsebystylelevel/1 the 1 id inspect turn (higher case) browse, nonetheless i'l reformat url same proceed does it. for example, twin urls take same place: edit: permitted biased url referred slug .
Read more