Filtering classes for dangerous characters and markup, for use in interactive modules such as forums

Source: Internet
Author: User

Using system;
Using system. IO;
Using system. text;
Using system. Text. regularexpressions;
Using system. runtime. remoting;
Using system. runtime. remoting. proxies;
Using system. runtime. remoting. messaging;
Using system. reflection;

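namespace FilterRealProxy
{
    /// <summary>
    /// Real proxy that intercepts every call made through the transparent proxy, executes it on the
    /// wrapped object and, when the method returns a <see cref="string"/> and is decorated with
    /// <see cref="StringFilter"/>, passes the returned string through <see cref="FilterHandler.Process"/>.
    /// </summary>
    /// <remarks>
    /// Filtering happens on the way <em>out</em> of the proxied object. Values held inside the object
    /// stay unfiltered, so this is an output guard, not a storage guard. Obtain the proxy with
    /// <see cref="RealProxy.GetTransparentProxy"/>.
    /// </remarks>
    public class FilterRealProxy : RealProxy
    {
        private readonly MarshalByRefObject target;

        /// <summary>Creates a proxy for <paramref name="target"/>.</summary>
        /// <param name="target">Object whose string-returning methods should be filtered.</param>
        /// <exception cref="ArgumentNullException">when <paramref name="target"/> is null.</exception>
        public FilterRealProxy(MarshalByRefObject target) : base(GetTargetType(target))
        {
            this.target = target;
        }

        // Validates the argument before the base constructor needs its type.
        private static Type GetTargetType(MarshalByRefObject target)
        {
            if (target == null)
            {
                throw new ArgumentNullException("target");
            }
            return target.GetType();
        }

        /// <summary>
        /// Executes <paramref name="msg"/> on the wrapped object and filters a string return value.
        /// </summary>
        /// <param name="msg">The method-call message; must implement <see cref="IMethodCallMessage"/>.</param>
        /// <returns>The original return message, or a new one carrying the filtered string.</returns>
        /// <exception cref="ArgumentException">when <paramref name="msg"/> is not a method call message.</exception>
        public override IMessage Invoke(IMessage msg)
        {
            IMethodCallMessage callMsg = msg as IMethodCallMessage;
            if (callMsg == null)
            {
                throw new ArgumentException("Expected an IMethodCallMessage.", "msg");
            }

            IMethodReturnMessage returnMsg = RemotingServices.ExecuteMessage(target, callMsg);

            // A faulted call carries no usable return value; hand the exception message back untouched.
            // Only string results are filtered.
            if (returnMsg.Exception != null || !IsMatchType(returnMsg.ReturnValue))
            {
                return returnMsg;
            }

            // Prefer the exact MethodInfo from the call: a name lookup fails for overloads.
            MethodInfo method = callMsg.MethodBase as MethodInfo;
            string value = (string)returnMsg.ReturnValue;
            string filtered = method != null
                ? Filter(value, method)
                : Filter(value, returnMsg.MethodName);

            // Keep out/ref arguments and the call context; the original code passed null/0 here and
            // silently dropped them for every filtered call.
            return new ReturnMessage(filtered, returnMsg.OutArgs, returnMsg.OutArgCount,
                                     returnMsg.LogicalCallContext, callMsg);
        }

        /// <summary>
        /// Filters <paramref name="returnValue"/> according to the <see cref="StringFilter"/> on the
        /// target method named <paramref name="methodName"/>.
        /// </summary>
        /// <returns>The filtered string, or the input unchanged when the method has no attribute
        /// or cannot be found by name.</returns>
        /// <exception cref="AmbiguousMatchException">when the name resolves to several overloads;
        /// use the <see cref="MethodInfo"/> overload in that case.</exception>
        protected string Filter(string returnValue, string methodName)
        {
            MethodInfo method = target.GetType().GetMethod(methodName);
            if (method == null)
            {
                return returnValue;
            }
            return Filter(returnValue, method);
        }

        /// <summary>
        /// Filters <paramref name="returnValue"/> according to the <see cref="StringFilter"/> on
        /// <paramref name="method"/>; inherited attributes are honoured.
        /// </summary>
        /// <returns>The filtered string, or the input unchanged when no attribute is present.</returns>
        protected string Filter(string returnValue, MethodInfo method)
        {
            object[] attributes = method.GetCustomAttributes(typeof(StringFilter), true);
            if (attributes.Length == 0)
            {
                return returnValue;
            }
            // StringFilter does not allow multiple instances, so the first one is the only one.
            return FilterHandler.Process(((StringFilter)attributes[0]).FilterType, returnValue);
        }

        /// <summary>True when <paramref name="obj"/> is a non-null string.</summary>
        protected bool IsMatchType(object obj)
        {
            return obj is string;
        }
    }

    /// <summary>
    /// Marks a method whose string return value must be filtered, and says which filters apply.
    /// </summary>
    [AttributeUsage(AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
    public class StringFilter : Attribute
    {
        private readonly FilterType _filterType;

        /// <param name="filterType">One or more <see cref="FilterType"/> flags.</param>
        public StringFilter(FilterType filterType)
        {
            _filterType = filterType;
        }

        /// <summary>The filters requested for the decorated method.</summary>
        public FilterType FilterType
        {
            get { return _filterType; }
        }
    }

    /// <summary>
    /// Selects which filters <see cref="FilterHandler.Process"/> applies.
    /// </summary>
    /// <remarks>
    /// Each member is a single bit so members can be combined with <c>|</c>. The previous numbering
    /// (1, 2, 3, 4, ...) was not bit-disjoint — <c>Object</c> was equal to <c>Script | Html</c> — so
    /// combined values dispatched to the wrong filter.
    /// </remarks>
    [Flags]
    public enum FilterType
    {
        Script = 1,
        Html = 2,
        Object = 4,
        AhrefScript = 8,
        Iframe = 16,
        Frameset = 32,
        Src = 64,
        BadWords = 128,
        // Include = 256,   // FilterInclude is not implemented (kept commented out in the original)
        All = Script | Html | Object | AhrefScript | Iframe | Frameset | Src | BadWords
    }

    /// <summary>
    /// Regular-expression based filters that remove script, markup and unwanted words from text.
    /// </summary>
    /// <remarks>
    /// These filters are a denylist. They reduce obvious markup in user-supplied text but cannot be
    /// the only XSS defence: browsers tolerate malformed markup that a regular expression does not
    /// see the same way, and the tag, attribute and scheme lists here are not exhaustive. Encode output
    /// for its context at render time (HTML / attribute / URL encoding) or use a parser-based
    /// allowlist sanitizer, and treat this class as defence in depth. Patterns are compiled once;
    /// on frameworks that support it, a <c>Regex</c> match timeout is a cheap guard against
    /// pathological backtracking on very long input.
    /// </remarks>
    public class FilterHandler
    {
        private const RegexOptions Insensitive = RegexOptions.IgnoreCase | RegexOptions.Compiled;
        private const RegexOptions InsensitiveSingleline = Insensitive | RegexOptions.Singleline;

        // HTML comments and complete <script ...>...</script> elements. Singleline lets '.' span line
        // breaks; the lazy quantifier stops at the first closing tag. The earlier form (.*?comment?)*
        // nested two quantifiers and could backtrack exponentially on crafted input.
        private static readonly Regex CommentOrScriptElement = new Regex(
            @"<!--.*?--\s*>|<script\b[^>]*>.*?</script\s*>", InsensitiveSingleline);

        // Opening or closing script tags left over after whole elements were removed (unterminated
        // <script> would otherwise survive); the text between them stays as plain text.
        private static readonly Regex DanglingScriptTag = new Regex(@"</?script\b[^>]*>", Insensitive);

        // Inside any tag, captures (a) every on* event-handler attribute and (b) href/src attributes
        // whose value uses the javascript: or vbscript: scheme. Each capture includes its leading
        // whitespace so removal leaves the tag tidy. (?n) makes only the named groups capture and (?x)
        // ignores the layout whitespace.
        private static readonly Regex ScriptAttributeInTag = new Regex(@"(?inx)
            <(\w+)
            (
                (?'attribute'
                    \s+(?'attributeName' on\w+ )\s*=\s*
                    (?'delimiter' ['""]? )
                    (?'attributeValue' [^'"">]+ )
                    \k'delimiter'
                )
              |
                (?'attribute'
                    \s+(?'attributeName' href|src )\s*=\s*
                    (?'delimiter' ['""]? )
                    (?'attributeValue' \s*(java|vb)script\s*:[^'"">]* )
                    \k'delimiter'
                )
              |
                [^>]
            )*
            >", RegexOptions.Compiled);

        // href=...script: even outside a well-formed tag (the attribute filter above only looks inside tags).
        private static readonly Regex HrefScriptScheme = new Regex(
            @"href\s*=\s*['""]?\s*\S*?script\s*:", Insensitive);

        // src attributes pointing at script or server-side files. The original [^\.]+ could not match
        // any URL containing a dot in the host or path, and could run across other attributes.
        private static readonly Regex SrcOfScriptFile = new Regex(
            @"src\s*=\s*['""]?[^'""\s>]*\.(js|vbs|asp|aspx|php|jsp)\b['""]?", Insensitive);

        // Any remaining tag.
        private static readonly Regex AnyTag = new Regex(@"<[^>]*>", Insensitive);

        // Unwanted words, one regular expression per entry, separated by '#'. Empty by default.
        // Entries are used as regular expressions without escaping, so only trusted configuration
        // should populate this list, and each entry should stay simple to avoid heavy backtracking.
        private const string BadWords = "";

        private static readonly RegexOptions BadWordOptions =
            RegexOptions.IgnoreCase | RegexOptions.Singleline | RegexOptions.Multiline;

        private FilterHandler()
        {
        }

        /// <summary>
        /// Applies every filter selected in <paramref name="filterType"/> to <paramref name="filterContent"/>,
        /// in the same order as <see cref="FilterAll"/>.
        /// </summary>
        /// <param name="filterType">One or more <see cref="FilterType"/> flags; unknown bits are ignored.</param>
        /// <param name="filterContent">Text to filter; null is returned unchanged.</param>
        /// <returns>The filtered text.</returns>
        public static string Process(FilterType filterType, string filterContent)
        {
            if (filterContent == null)
            {
                return null;
            }

            string result = filterContent;
            if (HasFlag(filterType, FilterType.Html))
            {
                result = FilterHtml(result);
            }
            if (HasFlag(filterType, FilterType.Script))
            {
                result = FilterScript(result);
            }
            if (HasFlag(filterType, FilterType.AhrefScript))
            {
                result = FilterAhrefScript(result);
            }
            if (HasFlag(filterType, FilterType.Object))
            {
                result = FilterObject(result);
            }
            if (HasFlag(filterType, FilterType.Iframe))
            {
                result = FilterIframe(result);
            }
            if (HasFlag(filterType, FilterType.Frameset))
            {
                result = FilterFrameset(result);
            }
            if (HasFlag(filterType, FilterType.Src))
            {
                result = FilterSrc(result);
            }
            if (HasFlag(filterType, FilterType.BadWords))
            {
                result = FilterBadWords(result);
            }
            return result;
        }

        // Enum.HasFlag is avoided so the class builds on older frameworks as well.
        private static bool HasFlag(FilterType value, FilterType flag)
        {
            return (value & flag) == flag;
        }

        /// <summary>
        /// Removes HTML comments, script elements, stray script tags and script-bearing attributes
        /// (on* handlers, javascript:/vbscript: href or src) from <paramref name="content"/>.
        /// </summary>
        /// <param name="content">Text to filter.</param>
        /// <returns>The filtered text.</returns>
        public static string FilterScript(string content)
        {
            string withoutElements = CommentOrScriptElement.Replace(content, string.Empty);
            string withoutTags = DanglingScriptTag.Replace(withoutElements, string.Empty);
            return StripScriptAttributesFromTags(withoutTags);
        }

        // Rewrites every tag so that its script-bearing attributes are dropped.
        private static string StripScriptAttributesFromTags(string content)
        {
            return ScriptAttributeInTag.Replace(content, new MatchEvaluator(StripAttributesHandler));
        }

        // Rebuilds the matched tag without any captured attribute. The original handler removed only
        // Groups["attribute"].Value, i.e. the LAST capture, so a tag with several handlers kept all but one.
        private static string StripAttributesHandler(Match m)
        {
            Group attribute = m.Groups["attribute"];
            if (!attribute.Success)
            {
                return m.Value;
            }

            StringBuilder sb = new StringBuilder(m.Length);
            int cursor = 0;
            foreach (Capture capture in attribute.Captures)
            {
                int relative = capture.Index - m.Index;
                sb.Append(m.Value, cursor, relative - cursor);
                cursor = relative + capture.Length;
            }
            sb.Append(m.Value, cursor, m.Length - cursor);
            return sb.ToString();
        }

        /// <summary>
        /// Runs <see cref="FilterScript"/> and then removes any <c>href=...script:</c> fragment.
        /// </summary>
        /// <param name="content">Text to filter.</param>
        /// <returns>The filtered text.</returns>
        public static string FilterAhrefScript(string content)
        {
            string stripped = FilterScript(content);
            return HrefScriptScheme.Replace(stripped, string.Empty);
        }

        /// <summary>
        /// Runs <see cref="FilterScript"/> and then removes <c>src</c> attributes that reference
        /// .js, .vbs, .asp, .aspx, .php or .jsp files.
        /// </summary>
        /// <param name="content">Text to filter.</param>
        /// <returns>The filtered text.</returns>
        public static string FilterSrc(string content)
        {
            string stripped = FilterScript(content);
            return SrcOfScriptFile.Replace(stripped, string.Empty);
        }

        // FilterInclude (server-side include directives) was commented out in the original source and
        // is intentionally not provided.

        /// <summary>
        /// Runs <see cref="FilterScript"/> and then removes every remaining tag.
        /// </summary>
        /// <param name="content">Text to filter.</param>
        /// <returns>Text without tags. Stray '&lt;' characters are kept, so the result still needs
        /// HTML encoding when rendered.</returns>
        public static string FilterHtml(string content)
        {
            string stripped = FilterScript(content);
            return AnyTag.Replace(stripped, string.Empty);
        }

        /// <summary>Removes <c>&lt;object&gt;</c> elements and stray object tags.</summary>
        /// <param name="content">Text to filter.</param>
        /// <returns>The filtered text.</returns>
        public static string FilterObject(string content)
        {
            return RemoveElement(content, "object");
        }

        /// <summary>Removes <c>&lt;iframe&gt;</c> elements and stray iframe tags.</summary>
        /// <param name="content">Text to filter.</param>
        /// <returns>The filtered text.</returns>
        public static string FilterIframe(string content)
        {
            return RemoveElement(content, "iframe");
        }

        /// <summary>Removes <c>&lt;frameset&gt;</c> elements and stray frameset tags.</summary>
        /// <param name="content">Text to filter.</param>
        /// <returns>The filtered text.</returns>
        public static string FilterFrameset(string content)
        {
            return RemoveElement(content, "frameset");
        }

        // Removes each complete <tagName ...>...</tagName> element and any dangling tag of that name.
        // The lazy '.*?' stops at the element's own closing tag; the original greedy (\w|\W)* removed
        // everything between the first opening and the LAST closing tag, swallowing legitimate content.
        // tagName comes only from the constants above, never from input.
        private static string RemoveElement(string content, string tagName)
        {
            string pattern = string.Format(@"<{0}\b[^>]*>.*?</{0}\s*>|</?{0}\b[^>]*>", tagName);
            return Regex.Replace(content, pattern, string.Empty,
                                 RegexOptions.IgnoreCase | RegexOptions.Singleline);
        }

        // Masks every match of every configured bad-word pattern with asterisks of the match's own
        // length. The original computed the mask from the FIRST match only and reused it for all.
        private static string FilterBadWords(string checkStr)
        {
            if (string.IsNullOrEmpty(checkStr) || BadWords.Length == 0)
            {
                return checkStr;
            }

            string result = checkStr;
            foreach (string entry in BadWords.Split('#'))
            {
                string pattern = entry.Trim();
                if (pattern.Length == 0)
                {
                    // The original built Regex("") here, a match-everything no-op.
                    continue;
                }
                result = Regex.Replace(result, pattern, new MatchEvaluator(MaskMatch), BadWordOptions);
            }
            return result;
        }

        private static string MaskMatch(Match m)
        {
            return new string('*', m.Length);
        }

        /// <summary>
        /// Applies every filter in turn: HTML, script, href-script, object, iframe, frameset, src, bad words.
        /// </summary>
        /// <param name="content">Text to filter; null is returned unchanged.</param>
        /// <returns>The filtered text.</returns>
        public static string FilterAll(string content)
        {
            if (content == null)
            {
                return null;
            }
            content = FilterHtml(content);
            content = FilterScript(content);
            content = FilterAhrefScript(content);
            content = FilterObject(content);
            content = FilterIframe(content);
            content = FilterFrameset(content);
            content = FilterSrc(content);
            content = FilterBadWords(content);
            // FilterInclude is not implemented (see the note above).
            return content;
        }
    }
}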

 
