Using IHttpHandlerFactory to filter special characters out of submitted input keeps the filter independent of any specific project and makes it easy to deploy.
Using system;
Using system. IO;
Using system. Web. UI;
Using system. Web;
Using system. configuration;
Using system. Text. regularexpressions;
Using system. Web. compilation;
Using system. reflection;
Using system. Collections. Specialized;
Using system. Web. UI. webcontrols;
Using system. Web. UI. htmlcontrols;
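namespace JianCaiWeb.Utils
{
    /// <summary>
    /// Handler factory that wraps the stock <see cref="PageHandlerFactory"/> and, for POST
    /// requests, hooks the page's PreLoad event so that the posted values of TextBox,
    /// HtmlInputControl and HtmlTextArea server controls are passed through
    /// <c>Common.InputText</c> before the page's own Load logic runs.
    /// </summary>
    /// <remarks>
    /// NOTE(review): identifier casing was lost in the published listing. The namespace and
    /// class names used here are a best-effort restoration; the <c>type</c> attribute of the
    /// handler registration in Web.config must match the real names exactly.
    ///
    /// Coverage limits visible from this code: only values that post back to a server control
    /// found by <c>Page.FindControl</c> are rewritten. Values the page reads straight from
    /// <c>Request.Form</c>, the query string, cookies or headers are not touched, so this
    /// filter is a supplementary layer and not a replacement for parameterized queries and
    /// output encoding in the page itself.
    /// </remarks>
    public class FilterStrFactoryHandler : IHttpHandlerFactory
    {
        /// <summary>
        /// Resolves the handler for the request through PageHandlerFactory and, when the
        /// request is a POST served by a <see cref="Page"/>, attaches the input filter.
        /// </summary>
        /// <param name="context">Current HTTP context.</param>
        /// <param name="requestType">HTTP method of the request.</param>
        /// <param name="url">Raw URL of the request.</param>
        /// <param name="pathTranslated">Physical path of the requested resource.</param>
        /// <returns>The handler produced by PageHandlerFactory.</returns>
        public virtual IHttpHandler GetHandler(HttpContext context, string requestType, string url, string pathTranslated)
        {
            // The factory is created through reflection with nonPublic = true because the
            // listing cannot call its constructor directly.
            PageHandlerFactory factory = (PageHandlerFactory)Activator.CreateInstance(typeof(PageHandlerFactory), true);
            IHttpHandler handler = factory.GetHandler(context, requestType, url, pathTranslated);

            // Compare the method name without regard to case so the filter is not skipped
            // because of a casing difference in the verb.
            if (string.Equals(requestType, "POST", StringComparison.OrdinalIgnoreCase))
            {
                Page page = handler as Page;
                if (page != null)
                    page.PreLoad += new EventHandler(FilterStrFactoryHandler_PreLoad);
            }

            return handler;
        }

        /// <summary>
        /// PreLoad handler: filters special characters in TextBox, input and textarea
        /// server controls whose names appear among the posted form keys.
        /// </summary>
        /// <param name="sender">The page raising PreLoad.</param>
        /// <param name="e">Unused.</param>
        void FilterStrFactoryHandler_PreLoad(object sender, EventArgs e)
        {
            Page page = sender as Page;
            if (page == null)
                return;

            NameValueCollection postData;
            try
            {
                postData = page.Request.Form;
            }
            catch (Exception ex)
            {
                // Best-effort filter: keep the request alive, but make the failure visible
                // instead of swallowing it. Only the exception type is logged, never the
                // posted keys or values.
                System.Diagnostics.Trace.TraceWarning("FilterStrFactoryHandler: could not read form data ({0}).", ex.GetType().Name);
                return;
            }

            foreach (string postKey in postData)
            {
                // A form collection can contain a null key; there is no control to look up.
                if (string.IsNullOrEmpty(postKey))
                    continue;

                // Handle failures per field so that one bad key does not leave every
                // remaining field unfiltered.
                try
                {
                    Control ctl = page.FindControl(postKey);

                    TextBox textBox = ctl as TextBox;
                    if (textBox != null)
                    {
                        textBox.Text = Common.InputText(textBox.Text);
                        continue;
                    }

                    HtmlInputControl input = ctl as HtmlInputControl;
                    if (input != null)
                    {
                        input.Value = Common.InputText(input.Value);
                        continue;
                    }

                    HtmlTextArea textArea = ctl as HtmlTextArea;
                    if (textArea != null)
                    {
                        textArea.Value = Common.InputText(textArea.Value);
                        continue;
                    }
                }
                catch (Exception ex)
                {
                    // The field stays unfiltered (fail-open), so record that it happened.
                    System.Diagnostics.Trace.TraceWarning("FilterStrFactoryHandler: a posted field could not be filtered ({0}).", ex.GetType().Name);
                }
            }
        }

        /// <summary>
        /// Nothing to release: a new PageHandlerFactory is created per call to GetHandler
        /// and no handler state is kept by this class.
        /// </summary>
        /// <param name="handler">Handler being released.</param>
        public virtual void ReleaseHandler(IHttpHandler handler)
        {
        }
    }
}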
Code for Common.InputText: // string filter
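/// <summary>
/// Normalizes a posted text value: trims it, collapses whitespace runs, turns
/// &lt;br&gt;/&lt;p&gt; tags into newlines, replaces &amp;nbsp; entities, strips any remaining
/// tags and doubles single quotes.
/// </summary>
/// <param name="text">Raw input; may be null.</param>
/// <returns>The filtered text, or <see cref="string.Empty"/> for null, empty or whitespace-only input.</returns>
/// <remarks>
/// Security notes for callers:
/// - Doubling single quotes is not a sufficient defence against SQL injection. Use
///   parameterized queries; with parameters in place the doubled quotes end up stored
///   literally in the data.
/// - Regex tag stripping is not a complete defence against script injection. Encode values
///   for the output context (HTML, attribute, script) when rendering them.
/// </remarks>
public static string InputText(string text)
{
    // Check for null before calling Trim(); the published order dereferenced a null
    // argument and threw NullReferenceException.
    if (text == null)
        return string.Empty;

    text = text.Trim();
    if (text.Length == 0)
        return string.Empty;

    // NOTE(review): the replacement literals for the whitespace and &nbsp; rules are
    // whitespace-damaged on the page; a single space is assumed here - confirm against
    // the project's original source.
    text = Regex.Replace(text, @"[\s]{2,}", " ");                                   // two or more spaces
    text = Regex.Replace(text, @"(<[b|B][r|R]/*>)+|(<[p|P](.|\n)*?>)", "\n");       // <br> and <p ...>
    text = Regex.Replace(text, @"(\s*&[n|N][b|B][s|S][p|P];\s*)+", " ");            // &nbsp;
    text = Regex.Replace(text, @"<(.|\n)*?>", string.Empty);                        // any other tags
    text = text.Replace("'", "''");                                                 // see security notes above
    return text;
}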
Add this entry to the httpHandlers section of the project's Web.config file: <!-- Filter the text information submitted to the server -->
<Add verb = "*" Path = "*. aspx" Validate = "false" type = "jiancaiweb. utils. filterstrfactoryhandler, jiancaiweb. utils"/>
</Httphandlers>
The code is fairly easy to follow: when data is submitted (requestType == "POST"), the factory obtains the page instance through PageHandlerFactory and attaches the string-filtering method (FilterStrFactoryHandler_PreLoad) to the page's PreLoad event. For this approach to work, input and textarea controls must run as server controls; otherwise the corresponding control cannot be found through the page instance's FindControl method. Values that the page reads directly from Request.Form rather than from a server control are not changed by this filter.