'The anti-XSS injection function was updated on by evio
'Compared with checkstr (), checkxss is more secure
'*************************************
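' Checkxss: blacklist-style sanitiser for a string that will be echoed into
' HTML and/or concatenated into SQL.
'
'   ChkStr  - the untrusted value (any variant; Null is tolerated).
'   returns - "" for Null input, otherwise ChkStr with the HTML-active
'             characters escaped, common SQL / script keywords broken up
'             by an inserted space, and CSS "expression" defused.
'
' Review notes:
'   * The listing this was restored from had its entity strings decoded
'     (every Replace was a no-op, e.g. Replace(Str,"&","&")) and its
'     regex patterns/backreferences broken by stray spaces ("(w) (here )",
'     "$ 1rop"). Standard HTML entities and "$1" backreferences are used
'     below; one garbled pattern ("()", which would match at every
'     position) is dropped.
'   * The Null branch assigned to CheckStr instead of Checkxss, so the
'     function returned Empty rather than "" on that path.
'   * Keyword mangling is a blacklist: it also rewrites legitimate text
'     ("anywhere" -> "anyw here", "sorry" -> "s orry"). Parameterised
'     queries and context-aware output encoding are the real mitigation;
'     treat this function as defence in depth only.
Function Checkxss(ByVal ChkStr)
    Dim Str, re, parts, i, kw
    Str = ChkStr

    ' Absent form fields arrive as Null; normalise to an empty string.
    If IsNull(Str) Then
        Checkxss = ""
        Exit Function
    End If

    ' HTML-escape. "&" goes first so the entities written afterwards are
    ' not escaped a second time. "/" and "*" are escaped as numeric
    ' character references (the original escaped them too; exact entity
    ' form could not be recovered from the listing).
    Str = Replace(Str, "&", "&amp;")
    Str = Replace(Str, "'", "&#39;")
    Str = Replace(Str, """", "&quot;")
    Str = Replace(Str, "<", "&lt;")
    Str = Replace(Str, ">", "&gt;")
    Str = Replace(Str, "/", "&#47;")
    Str = Replace(Str, "*", "&#42;")

    ' Break SQL and script keywords by inserting a space after the head
    ' part, e.g. "where" -> "w here", "javascript" -> "java script".
    ' Each entry is head|tail; the pattern is (head)(tail), replaced by
    ' "$1 tail". Case-insensitive, all occurrences.
    ' NOTE(review): "s|or" is kept as the listing gives it ("(s)(or)");
    ' its intent (perhaps a SQL "or" guard) is not recoverable here.
    parts = Array( _
        "w|here", "s|elect", "i|nsert", "c|reate", "d|rop", "a|lter", _
        "d|elete", "u|pdate", "s|or", _
        "java|script", "j|script", "vb|script")

    Set re = New RegExp
    re.IgnoreCase = True
    re.Global = True
    For i = 0 To UBound(parts)
        kw = Split(parts(i), "|")
        re.Pattern = "(" & kw(0) & ")(" & kw(1) & ")"
        Str = re.Replace(Str, "$1 " & kw(1))
    Next
    Set re = Nothing

    ' Defuse IE's CSS expression(). The original used a binary compare
    ' (vbBinaryCompare), so "EXPRESSION" passed through; CSS is
    ' case-insensitive, hence vbTextCompare here.
    Str = Replace(Str, "expression", "e-xpression", 1, -1, vbTextCompare)

    Checkxss = Str
End Function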
Test code:
<Script> alert (/xss0/) </script>
<Script language = "JavaScript">
Eval ("\ x6a \ x61 \ x76 \ x61 \ x73 \ x63 \ x72 \ x69 \ x74 \ x3a \ x61 \ x6c \ x65 \ x72 \ x74 \ x28 \ x22 \ x58 \ x53 \ x53 \ x22 \ x29 ")
</SCRIPT>