How to filter malicious scripts in .Text

Source: Internet
Author: User
Tags: html encode

Author: dudu, from: Blog Park (cnblogs)

In February March 8, there was a problem where the homepage displayed no content, because the .Text program did not perform script filtering on the user display name. In fact, .Text must apply script filtering to every piece of user-entered content that is displayed on a page; otherwise security risks are unavoidable.
How does .Text filter user input? Two classes, EntryValidationHandler and CommentFormatHandler, check and process the data before it is submitted to the database.
EntryValidationHandler mainly performs checks: when it finds illegal content, it reports an error and does not submit the content to the database. .Text's check method seems a bit problematic. For example, HTML content copied from Word into .Text can never pass the check, and there is no way around it. To make things easier for everyone, Blog Park had to write its own processing code, which for now simply filters out scripts.
The main function of CommentFormatHandler is to convert HTML tags in a comment into text, so as to keep malicious content out of comments.

Apparently, .Text's handling of malicious scripts is insufficient:
1. EntryValidationHandler checks only the content of the article. In .Text an article is represented by the Entry object class; in fact, many other attributes of the Entry class also need to be checked and filtered for malicious scripts.
2. .Text also has an important entity class, BlogConfig. Much of the data in BlogConfig is maintained by users, so some attributes of BlogConfig also need to be checked. The problem at Blog Park arose precisely because .Text does not check this entity class.
3. Blog Park added an advanced comment feature, so HTML code must be allowed when displaying comments. .Text does not allow HTML in comments (so it need not worry about malicious content there), but the Blog Park program must now process comments. In fact, a comment is also represented by the Entry class, so once the Entry class is handled, the comment problem is solved as well.

How can malicious scripts be filtered effectively? I have thought of three methods:
1. Check when the user fills in the form and submits the data. However, this cannot check articles published from a blog desktop tool; such articles would have to be handled separately.
2. Filter at display time. This is obviously troublesome and error-prone: forget to filter in one place and you get burned.
3. Filter the data before it is submitted to the database. .Text uses this method, but the disadvantage is that the check must be performed before every data update operation.

I don't think any of these three methods is very effective. A good method should filter malicious content in one unified place. Why not focus on the two entity classes? If the two entity classes are checked and filtered, isn't the problem solved? Since all operations are centered on these two entity classes, as long as their relevant attributes are checked and filtered, we need not worry about unfiltered content coming from anywhere else. Although some places in .Text display data without going through the entity class, every data update operation passes its data through the entity class. One method I came up with is to handle the entity class's relevant attributes in Get, filtering the attribute value before Get returns. This is simple and effective, but not perfect: we want to keep modifications to the entity class to a minimum. Could this be solved with a design pattern, the Decorator pattern? Many patterns target interfaces and methods, whereas the entity classes here represent data: they consist only of attributes, with no methods. JGTM's article "A Taste of AOP from Solving Problems with OOP and Design Patterns" also discusses related issues. I haven't fully understood that article yet, but it too is about additional processing before an object's method is called; how does one deal with attributes?

Please share some good ideas or some simple methods!
Sorry for any inappropriate content in this article; after all, it comes from an author with a low level of .NET skill.

Comments from other friends:

A. You can directly use Server.HtmlEncode(content) to convert all < and > into the corresponding &lt; and &gt;, and when editing, Server.HtmlDecode(content) decodes it back. This also saves you the Replace.

Don't you know how it works?

B. HTML has to be displayed. At present it mainly filters script code.

C. I think it is better to filter in the update operation of the Entry object class.

D.

AOP is applicable to general situations. I tend to avoid using these complex technologies in special cases (especially when you have the code :)

In this case, you can call a ValidateContent() virtual method (template method) before the Get/Set method returns/saves the content, so that the content validation logic is integrated into the existing logic (and can be overridden and changed in subclasses); or, if the validation logic is the same for all subclasses, it need not be implemented as a virtual method.

BTW: a property is actually a pair of methods (getter/setter); there is no essential difference.
E. The method on the first floor (comment A) looks simple, but in fact it kills all HTML. It is better to enclose the content in <xmp>. ;)

F.

In fact, the Decorator pattern is appropriate. Create a class named EntryDecorate (given the simple requirements, a Concrete Decorator is better). When needed, call the class's RemoveHtml method to do the filtering; in the normal case the EntryDecorate class is transparent. This gives you great flexibility.
G.

It is very troublesome to filter malicious scripts for every attribute of the Entry class by adding a method call in each Get/Set; if there are many entity classes, the attributes of every one must be changed. How about creating a dedicated filter class that defines a filter policy, specifying which attributes of which classes to filter? This class would act as a proxy: before the attributes of an entity class are accessed, the proxy class is responsible for checking and filtering.
I.

A filter policy can be defined with custom attributes, or even connected to external configuration data (Regex could be considered). Using RealProxy is feasible, but not necessarily the best choice in this case. Here, the technique needed to change an object's behaviour is traditional refactoring, especially when you have the source code.

In any case, I very much appreciate dudu's hands-on spirit! If you don't do it yourself, who will? So everyone is encouraged to roll up their sleeves and brainstorm when running into problems! GJGJ ...... :)
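As an added example (not .Text's code, and not from dudu or the commenters), this sketches dudu's proposal to filter in Get together with comments A, F, G and I: a per-attribute filter policy applied inside a decorator's getters, with the display name fully HTML-encoded and only the body stripped of scripts. Entry, EntryDecorator, ScriptFilter and FieldPolicy are hypothetical names, and the denylist regexes are illustrative rather than a complete sanitizer.

```csharp
using System;
using System.Collections.Generic;
using System.Net;                       // WebUtility.HtmlEncode: same encoding as Server.HtmlEncode
using System.Text.RegularExpressions;

// Hypothetical stand-in for .Text's Entry entity: attributes only, no methods.
public class Entry
{
    public string Author { get; set; }  // display name: should never contain HTML
    public string Body { get; set; }    // post body: HTML allowed, scripts not
}
// Filter policy (comment I): one rule per attribute, declared outside the entity class.
public enum FieldPolicy { EncodeAll, StripScripts }

public static class ScriptFilter
{
    // Denylist for the post's "just strip scripts" behaviour (script elements, on* handlers,
    // javascript: URLs). Denylists are bypassable by nature, so EncodeAll is the safe default.
    const RegexOptions Opt = RegexOptions.IgnoreCase | RegexOptions.Singleline;
    static readonly Regex ScriptTag = new Regex(@"<script\b[^>]*>.*?</script\s*>|<script\b[^>]*/?>", Opt);
    static readonly Regex EventAttr = new Regex(@"\s+on\w+\s*=\s*(""[^""]*""|'[^']*'|[^\s>]+)", Opt);
    static readonly Regex ScriptUrl = new Regex(@"(href|src)\s*=\s*(['""]?)\s*javascript:", Opt);
    public static string Apply(string value, FieldPolicy policy)
    {
        if (value == null) return null;
        if (policy == FieldPolicy.EncodeAll) return WebUtility.HtmlEncode(value); // comment A
        string s = EventAttr.Replace(ScriptTag.Replace(value, ""), "");
        return ScriptUrl.Replace(s, "$1=$2#");                   // neutralise javascript: links
    }
}

// Decorator (comment F) / proxy (comment G): wraps an Entry and filters in its getters, so code
// that renders through it never sees raw values, while the Entry class itself stays untouched.
public class EntryDecorator
{
    readonly Entry _inner;
    readonly IDictionary<string, FieldPolicy> _policy;
    public EntryDecorator(Entry inner, IDictionary<string, FieldPolicy> policy) { _inner = inner; _policy = policy; }
    public string Author => ScriptFilter.Apply(_inner.Author, _policy["Author"]);
    public string Body => ScriptFilter.Apply(_inner.Body, _policy["Body"]);
    public static void Main()
    {   // Constructed sample: a display name carrying a script and a body with mixed HTML.
        var raw = new Entry { Author = "dudu<script>alert(1)</script>",
                              Body = "<p onclick=\"alert(2)\">Hello <b>world</b></p><script src=\"x.js\"></script>" };
        var policy = new Dictionary<string, FieldPolicy> { { "Author", FieldPolicy.EncodeAll }, { "Body", FieldPolicy.StripScripts } };
        var safe = new EntryDecorator(raw, policy);
        Console.WriteLine(safe.Author);   // encoded, so the browser shows it as literal text
        Console.WriteLine(safe.Body);     // script element and onclick handler removed
    }
}
```

Because rendering code only ever touches the decorator, the check lives in one place, which is the "unified filtering" the post asks for; the policy table is where comment I's attribute- or configuration-driven rules would plug in.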
