Filter out dangerous HTML tags: script, ifame, object

For submitted HTML code, if it contains script, iframe, frameset and other tags, it will pose a certain potential threat to the website itself. Use the following functions to filter out the specified HTML tags.

Note:

1. For single marks (such as: <hr/>,<br/>, etc.), because they will not pose a threat to the website itself, the single marks are not included in the filtering range.

2. Parameter strHTML: HTML code content to be filtered

3. Parameter strTAGs: The HTML tag names to be filtered out, each tag name is separated by English comma (,)

'Wrttenbyi{At}CnLei.Com

FunctionlFilterBadHTML(byvalstrHTML, byvalstrTAGs)

DimobjRegExp,strOutput

DimarrTAG,i

arrTAG=Split(strTAGs,",")

SetobjRegExp=NewRegexp

strOutput=strHTML

objRegExp.IgnoreCase=True

objRegExp.Global=True

Fori=0toUBound(arrTAG)

objRegExp.Pattern="<"&arrTAG(i)&"[/s/S]+</"&arrTAG(i)&"*>"

strOutput=objRegExp.Replace(strOutput,"")

Next

SetobjRegExp=Nothing

lFilterBadHTML=strOutput

EndFunction

'Example

DimsPageCont

sPageCont="...Web page content..."

sPageCont=FilterBadHTML(sPageCont,"script,iframe,object,table")

%>