Vbscript to Remove Malicious HTML

Discussion in 'C#' started by directorycollector, Nov 23, 2006.

0
  1. #1
    Does anybody know where I can find a script for removing potentially malicious html tags or atributes from submitted HTML?
     
    directorycollector, Nov 23, 2006 IP
  2. doronty37

    doronty37 Active Member

    Messages:
    130
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    55
    #2
    Filter function from Web Wiz Forum:

    <%
'Format SQL Query funtion
Private Function formatSQLInput(ByVal strInputEntry)

	'Remove malisous charcters from sql
	strInputEntry = Replace(strInputEntry, """", "", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "'", "''", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "[", "&#091;", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "]", "&#093;", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "<", "&lt;", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, ">", "&gt;", 1, -1, 1)
	
	'Return
	formatSQLInput = strInputEntry
End Function %>
    Code (markup):
     
    doronty37, Nov 23, 2006 IP
    YIAM likes this.