JS 特殊字符过滤
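// Remove quote, backslash, slash and control characters (backspace, form feed,
// LF, CR, tab). Inside a character class, \b means backspace, not a word boundary.
const str1 = str.replace(/['"\\/\b\f\n\r\t]/g, '');
// Remove ASCII punctuation. The original class contained "\L", which in a
// non-unicode regex is just the letter "L", so every capital L was stripped
// from the input; that member is dropped here.
// NOTE(review): str2 is derived from str, not str1, so the two filters are not
// chained - confirm intent. The original snippet then returns str2.
// Stripping characters is lossy and context-blind: it does not replace
// parameterized queries or output encoding at the point where the value is used.
const str2 = str.replace(/[-_,!|~`()#$%^&*{}:;"<>?]/g, '');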
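// Matches a run of one or more characters from the set: space and
// ~ ! @ # $ % ^ & * ( ) - _ + = [ ] { } | \ ; : ' " , . / < > ?
// (the backtick is not in the set). The original wrapped every member in
// "(\x)"; inside brackets parentheses do not group, they are only extra
// members, so this flat class matches the same characters.
const containSpecial = /[ ~!@#$%^&*()\-_+=\[\]{}|\\;:'",.\/<>?]+/;
// The trailing note on the original line was not inside a comment and made
// the statement a syntax error.
return containSpecial.test(s); // true when s contains at least one of those characters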
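// Allowlist check: anything outside 0-9, a-z, A-Z and "_" counts as special.
// No "g" flag: a global regex keeps lastIndex between test() calls, so reusing
// it on a second string can start matching mid-string and miss a character.
// Use a separate /.../g literal if the same class is needed for replace().
const filterRule = /[^0-9a-zA-Z_]/;
const judge = filterRule.test(str); // true when str contains a character outside the allowlist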
KOA2应用一下
/tool/security.js
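/**
 * Reject input that contains a character from a fixed blocklist of ASCII and
 * full-width punctuation.
 *
 * Despite the name, nothing is stripped: the value is either passed through
 * unchanged or refused. (The original kept a commented-out variant that
 * removed the characters instead.)
 *
 * Arrays and plain objects are walked and every key and leaf is tested, since
 * RegExp test() on an object only sees its string coercion
 * ("[object Object]"), which lets any parsed request body through.
 *
 * This is a coarse input filter only. It also refuses legitimate text such as
 * "a & b", and it does not replace parameterized queries or output encoding
 * where the value is finally used.
 *
 * @param {*} s - value to check.
 * @returns {*|false} `false` when a blocklisted character is found, otherwise
 *   `s` itself. Compare the result with `=== false`: an accepted empty string
 *   is loosely equal to false.
 */
function stripScript(s) {
  // The original pattern string had the closing "]" but no opening "[", so it
  // was parsed as an alternation of long literal sequences rather than a
  // character class and matched almost no real input. Duplicated members are
  // listed once.
  const pattern = /[`~!@#$^&*()=|<>\/?¥…—【】‘”“。、]/;

  // Explicit stack instead of recursion, so a deeply nested body cannot
  // exhaust the call stack.
  const pending = [s];
  while (pending.length > 0) {
    const value = pending.pop();
    if (value !== null && typeof value === 'object') {
      for (const [key, child] of Object.entries(value)) {
        pending.push(key, child);
      }
    } else if (pattern.test(value)) {
      // Non-objects are tested exactly as before (test() coerces to string).
      return false;
    }
  }
  return s;
}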
// Public API of /tool/security.js.
// NOTE(review): `defender` is not defined in the code shown here - it must be
// declared elsewhere in this file or this line throws a ReferenceError.
module.exports = {defender,stripScript}
Index.js
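// Request filter + error boundary: refuse bodies that fail the blocklist check
// and turn any downstream exception into a JSON error response.
// NOTE(review): ctx.request.body is only populated when a body-parser
// middleware runs before this one, and it is then normally an object, so
// stripScript has to inspect its string fields rather than the object itself.
// The query string and route params are not checked here.
app.use(async (ctx, next) => {
  try {
    // stripScript signals rejection with exactly `false`; `== false` would
    // also reject an accepted empty-string body.
    if (security.stripScript(ctx.request.body) === false) {
      // The original did `return error` here, but `error` is not declared in
      // the try block, so rejection only worked by throwing a ReferenceError
      // and answering "error is not defined" with a success status code.
      ctx.status = 400;
      ctx.body = {
        status: "error",
        message: "request contains disallowed characters"
      };
      return;
    }
    await next();
  } catch (error) {
    // Set a real error status; assigning ctx.body alone makes Koa answer 200.
    ctx.status = error.status || 500;
    ctx.body = {
      status: "error",
      // Only errors marked `expose` (e.g. raised via ctx.throw with a 4xx
      // status) are meant for the client; other messages can leak internals.
      message: error.expose ? error.message : "Internal Server Error"
    };
    // Keep the failure visible to the app-level 'error' listener / logs.
    ctx.app.emit("error", error, ctx);
  }
});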
