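// Patterns are built once: the original recompiled every Regex on each call, which for
// ~40 patterns exceeds the framework's small Regex cache and makes every call pay the parse cost.
private const RegexOptions Ci = RegexOptions.IgnoreCase | RegexOptions.Compiled;

// Singleline lets ".*?" cross line breaks so a multi-line <script> body is removed as a unit;
// without it only the two tags were stripped and the body text survived into the output.
private static readonly Regex ScriptBlock = new Regex(@"<script[^>]*?>.*?</script>", Ci | RegexOptions.Singleline);
private static readonly Regex AnyTag = new Regex(@"<(.[^>]*)>", Ci);
private static readonly Regex LineBreakWithIndent = new Regex(@"([\r\n])[\s]+", Ci);
private static readonly Regex CommentClose = new Regex(@"-->", Ci);
private static readonly Regex CommentOpenToEol = new Regex(@"<!--.*", Ci);

// Entity decodes, applied in this order; the last entry drops any other numeric entity.
private static readonly (Regex Pattern, string Replacement)[] EntityDecodes =
{
    (new Regex(@"&(quot|#34);", Ci), "\""),
    (new Regex(@"&(amp|#38);", Ci), "&"),
    (new Regex(@"&(lt|#60);", Ci), "<"),
    (new Regex(@"&(gt|#62);", Ci), ">"),
    (new Regex(@"&(nbsp|#160);", Ci), " "),
    (new Regex(@"&(iexcl|#161);", Ci), "\xa1"),
    (new Regex(@"&(cent|#162);", Ci), "\xa2"),
    (new Regex(@"&(pound|#163);", Ci), "\xa3"),
    (new Regex(@"&(copy|#169);", Ci), "\xa9"),
    (new Regex(@"&#(\d+);", Ci), ""),
};

// Keyword blacklist in the original order. Order matters because each deletion can splice
// the surrounding characters into a new match for a later entry (that is also why the
// repeated "xp_cmdshell" entry is kept: it re-checks after the earlier deletions).
private static readonly Regex[] KeywordBlacklist = Array.ConvertAll(
    new[]
    {
        "xp_cmdshell", "select", "insert", "delete from", "count '", "drop table",
        "truncate", "asc", "mid", "char", "xp_cmdshell", "exec master",
        "net localgroup administrators", " and", "net user", "or", "net",
        "delete", "drop", "script",
    },
    word => new Regex(Regex.Escape(word), Ci));

/// <summary>
/// Strips script blocks, HTML tags and comments, a fixed list of SQL/shell keywords and a set
/// of punctuation characters from <paramref name="htmlstring"/>, then HTML-encodes and trims
/// what is left.
/// </summary>
/// <remarks>
/// This is a lossy, blacklist-based filter and must not be relied on as an injection defence:
/// the keyword step is plain case-insensitive substring deletion (so "Network" becomes "wk"
/// and "format" loses its "or"), and a fixed word list cannot describe every harmful input.
/// Protect SQL with parameterised queries and HTML with context-aware output encoding at the
/// point of use; keep this method only where callers depend on its exact output.
/// </remarks>
/// <param name="htmlstring">Text that may contain HTML, scripts, database keywords or special characters; may be null.</param>
/// <returns>The filtered, HTML-encoded, trimmed text, or an empty string when <paramref name="htmlstring"/> is null.</returns>
public static string Nohtml(string htmlstring)
{
    if (htmlstring == null)
    {
        return "";
    }

    // Script blocks, then any remaining tag, a line break plus following whitespace,
    // then HTML comment markers / comment text up to end of line.
    htmlstring = ScriptBlock.Replace(htmlstring, "");
    htmlstring = AnyTag.Replace(htmlstring, "");
    htmlstring = LineBreakWithIndent.Replace(htmlstring, "");
    htmlstring = CommentClose.Replace(htmlstring, "");
    htmlstring = CommentOpenToEol.Replace(htmlstring, "");

    // Entities become literal characters here; the decoded "<" and ">" are stripped again below.
    foreach (var (pattern, replacement) in EntityDecodes)
    {
        htmlstring = pattern.Replace(htmlstring, replacement);
    }

    foreach (var keyword in KeywordBlacklist)
    {
        htmlstring = keyword.Replace(htmlstring, "");
    }

    // Ordinal punctuation removal. The original's extra "*/" and "\r\n" replacements were
    // dead code: "*" and "/" are already removed one by one, and every "\r\n" pair was
    // consumed by LineBreakWithIndent above.
    foreach (var ch in "<>*-?,/;")
    {
        htmlstring = htmlstring.Replace(ch.ToString(), "");
    }

    // WebUtility.HtmlEncode replaces HttpContext.Current.Server.HtmlEncode, which threw a
    // NullReferenceException whenever this ran outside an ASP.NET request. Both encode
    // < > & " ' and U+00A0–U+00FF as entities, which covers every character this method can produce.
    return WebUtility.HtmlEncode(htmlstring).Trim();
}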
C#: filter HTML, scripts, database keywords and special characters