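/// <summary>
/// Runs one sanitizer test case and appends a human-readable report to <c>txt</c>:
/// the raw input is logged, passed through AntiSamy, and <paramref name="fn"/> is
/// evaluated on the sanitized output to decide whether the filter "succeeded".
/// </summary>
/// <param name="str">Raw (potentially hostile) markup to sanitize.</param>
/// <param name="fn">Predicate over the sanitized HTML; true means the attack was neutralised.</param>
/// <param name="propertyName">Optional label for the case, used only in the exception report.</param>
/// <exception cref="ArgumentNullException"><paramref name="fn"/> is null.</exception>
/// <remarks>
/// Fix: the predicate previously received the display string ("过滤\n" + clean HTML)
/// rather than the clean HTML itself, so any predicate sensitive to the start of the
/// string (equality, StartsWith, length checks) was evaluated against the wrong text.
/// A sanitizer that throws is now recorded as a failed case instead of aborting the
/// whole run, which is what the previously commented-out catch block intended.
/// </remarks>
void FilterAttacks(string str, Func<string, bool> fn, string propertyName = null)
{
    if (fn == null)
    {
        throw new ArgumentNullException("fn");
    }

    txt += "\n======================================================\n原文:\n" + str + "\n";
    try
    {
        // Keep the sanitizer output separate from the report text: the predicate must
        // see exactly what the sanitizer produced, nothing prepended for display.
        string clean = antisamy.scan(str, policy).getCleanHTML();
        txt += "过滤\n" + clean + "\n状态:" + (fn(clean) ? "成功!" : "失败");
    }
    catch (Exception x)
    {
        // An exception from the sanitizer (or the predicate) means this input was not
        // cleaned at all; report it as a failure for this case rather than stopping the harness.
        txt += "失败: Caught exception in " + propertyName + "(): " + x.Message;
    }
}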
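/// <summary>
/// Verifies that AntiSamy strips classic script-injection payloads: &lt;script&gt; tags
/// (including malformed and nested forms), event-handler attributes, iframes and
/// javascript: URLs.
/// </summary>
/// <remarks>
/// Every check is now case-insensitive. Browsers treat tag and attribute names
/// case-insensitively, so a sanitizer that echoed "&lt;SCRIPT" or "SRC=" back unchanged
/// would previously have passed the case-sensitive IndexOf checks vacuously. Each
/// assertion also carries a message naming the payload that survived, so a failure
/// points at the offending case instead of an anonymous "expected true".
/// </remarks>
public void testScriptAttacks()
{
    try
    {
        AssertStripped("test<script>alert(document.cookie)</script>", "script");
        AssertStripped("<<<><<script src=http://fake-evil.ru/test.js>", "<script");
        AssertStripped("<script<script src=http://fake-evil.ru/test.js>>", "<script");
        AssertStripped("<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>", "<script");
        AssertStripped("<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(\"XSS\")>", "onload");
        AssertStripped("<BODY ONLOAD=alert('XSS')>", "alert");
        AssertStripped("<iframe src=http://ha.ckers.org/scriptlet.html <", "<iframe");
        AssertStripped("<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">", "src");
    }
    catch (Exception e)
    {
        // Any unexpected exception from the sanitizer is itself a test failure:
        // hostile input that makes the filter throw was not filtered.
        Assert.Fail("Caught exception in testScriptAttacks(): " + e.Message);
    }
}

/// <summary>
/// Asserts that <paramref name="forbidden"/> does not survive sanitization of
/// <paramref name="payload"/>.
/// </summary>
/// <param name="payload">Hostile markup fed to the sanitizer.</param>
/// <param name="forbidden">Substring that must be absent from the cleaned HTML.</param>
/// <remarks>
/// The comparison is ordinal and case-insensitive: "&lt;SCRIPT" is exactly as dangerous
/// as "&lt;script" to a browser, so case must not be allowed to hide a bypass.
/// </remarks>
private void AssertStripped(string payload, string forbidden)
{
    string clean = antisamy.scan(payload, policy).getCleanHTML();
    bool stripped = clean.IndexOf(forbidden, StringComparison.OrdinalIgnoreCase) == -1;
    Assert.IsTrue(stripped, "'" + forbidden + "' survived sanitization of: " + payload + " -> " + clean);
}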