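This action filter dynamically intercepts string parameters and entity-class (model) parameters, checks them for keywords, and writes the filtered strings and entity objects back into the action parameters. Filtering input this way supplements, but does not replace, HTML-encoding the values when they are rendered in a view.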
Step one: Create a new interceptor class that inherits from ActionFilterAttribute: CustomerFilterAttribute : ActionFilterAttribute
Step two: Implement the filtering in the OnActionExecuting method.
Step three: Add [CustomerFilter] above the corresponding action or class to enable interception and filtering on that action or class.
The complete code is as follows:
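using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Security.Policy;
using System.Text;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Mvc;

namespace SaaS.Admin.Base
{
    /// <summary>
    /// Global action filter that sanitises string input before an action method runs.
    /// </summary>
    /// <remarks>
    /// Coverage is deliberately narrow and should not be mistaken for a complete XSS defence:
    /// only parameters declared as <c>string</c> and the top-level public string properties of a
    /// parameter named "model" are processed. Nested objects, collections, parameters with other
    /// names and anything an action reads directly from the request are left untouched.
    /// Because values are HTML-encoded here, a view that encodes again on output will display
    /// the entity text literally; choose one place to encode, and prefer output encoding in the view.
    /// </remarks>
    public class CustomerFilterAttribute : ActionFilterAttribute
    {
        // Keywords removed from input, matched without regard to case.
        private static readonly Regex KeywordPattern = new Regex(
            "javascript|vbscript|jscript|script|eval",
            RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

        /// <summary>
        /// Runs before the action method executes and rewrites the bound parameters in place.
        /// </summary>
        /// <param name="filterContext">Context holding the action descriptor and its bound parameters.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);

            foreach (var parameter in filterContext.ActionDescriptor.GetParameters())
            {
                // An unbound or null parameter has nothing to sanitise; skipping it also avoids
                // a KeyNotFoundException / NullReferenceException further down.
                object value;
                if (!filterContext.ActionParameters.TryGetValue(parameter.ParameterName, out value)
                    || value == null)
                {
                    continue;
                }

                if (parameter.ParameterType == typeof(string))
                {
                    var originalValue = value as string;
                    if (!string.IsNullOrEmpty(originalValue))
                    {
                        // Write the sanitised value back so the action receives it.
                        filterContext.ActionParameters[parameter.ParameterName] = HtmlEscapeCode(originalValue);
                    }
                }
                else if (string.Equals(parameter.ParameterName, "model", StringComparison.OrdinalIgnoreCase))
                {
                    // Compare types directly instead of comparing type names as strings.
                    var modelType = value.GetType();
                    if (modelType.IsClass && modelType != typeof(string))
                    {
                        SanitizeStringProperties(value);
                    }
                }
            }
        }

        /// <summary>
        /// Runs after the action method has executed. No post-processing is performed.
        /// </summary>
        /// <param name="filterContext">Context of the executed action.</param>
        public override void OnActionExecuted(ActionExecutedContext filterContext)
        {
            base.OnActionExecuted(filterContext);
        }

        /// <summary>
        /// Removes the filtered keywords from <paramref name="html"/> and HTML-encodes the result.
        /// </summary>
        /// <param name="html">Raw input text; may be null or empty.</param>
        /// <returns>The sanitised text, or the input unchanged when it is null or empty.</returns>
        public string HtmlEscapeCode(string html)
        {
            if (string.IsNullOrEmpty(html))
            {
                return html;
            }

            // Repeat until the text stops changing, so that removing one occurrence cannot
            // leave another one behind.
            // NOTE(review): keyword removal also alters legitimate text that merely contains
            // these letter sequences (for example "description"). It is kept because the filter
            // was designed around it, but it is a weak control; the encoding step below is what
            // neutralises markup. Values that end up in URL or script contexts need
            // context-specific validation that this filter does not provide.
            var text = html;
            string previous;
            do
            {
                previous = text;
                text = KeywordPattern.Replace(text, string.Empty);
            }
            while (!string.Equals(text, previous, StringComparison.Ordinal));

            // Encode in a single pass. Chaining Replace calls that escape the ampersand after
            // other characters would re-encode the entities produced by the earlier calls.
            return HttpUtility.HtmlEncode(text);
        }

        // Sanitises every public, readable and writable, non-indexed string property of the model in place.
        private void SanitizeStringProperties(object model)
        {
            foreach (PropertyInfo property in model.GetType().GetProperties())
            {
                if (property.PropertyType != typeof(string)
                    || property.GetGetMethod() == null
                    || property.GetSetMethod() == null
                    || property.GetIndexParameters().Length != 0)
                {
                    continue;
                }

                // Property values are intentionally not logged: a model can carry passwords
                // or other sensitive fields.
                var originalValue = (string)property.GetValue(model, null);
                if (!string.IsNullOrEmpty(originalValue))
                {
                    property.SetValue(model, HtmlEscapeCode(originalValue), null);
                }
            }
        }
    }
}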
For example, applying the filter to the base controller class BaseController:
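using System;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
using System.Web.Mvc;
using Microsoft.Practices.ServiceLocation;
using SaaS.Contracts.SaaS.Intern;
using SaaS.Framework.IIdentity;
using SaaS.Models.Domain.Enums;

namespace SaaS.Admin.Base
{
    /// <summary>
    /// Base controller. The <c>[CustomerFilter]</c> attribute is applied at class level, so the
    /// filter runs for the actions of this controller and of controllers that derive from it.
    /// </summary>
    [CustomerFilter]
    public class BaseController : Controller
    {
        /// <summary>
        /// Stores a success message for the next request and redirects to the given URL.
        /// </summary>
        /// <param name="message">Success message to show after the redirect.</param>
        /// <param name="url">Redirect target.</param>
        /// <returns>A redirect result pointing at <paramref name="url"/>.</returns>
        protected ActionResult SuccessResult(string message, string url)
        {
            // The message is stored as given; the view that displays it must HTML-encode it.
            TempData["Successresult"] = message;

            // NOTE(review): the target is not validated here. Callers should pass only
            // application-generated paths, or check request-supplied values with
            // Url.IsLocalUrl before calling, to avoid an open redirect.
            return Redirect(url);
        }
    }
}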
MVC Interceptor, MVC filter, MVC ActionFilterAttribute Interceptor Filter, onactionexecuting