    This is a repost from 02.45 Sunday
    ----------------------------------

    Hi, I found a good article concerning website security at:

    

    I took the function for removing bad search words like % but it doesn't work perfectly; it removes a single % but if I type it together like %_% or %a% it won't...

    Any tips for workarounds?

    Here's my slightly modified code:

    '******************************************'
    '*** Filter illegal chars ***'
    '******************************************'

    Function bad_filter(val1)

        Dim badwords, booBad, prompt, x, y, i, j

        ' Type the html tags and bad words you want to filter, separating each other by a single space.
        badwords = "<body <script </script> <> < > % | _ "

        booBad = 0
        prompt = ""

        ' Array x will now contain user inputted data split into words as Array elements.
        x = Split(Server.HTMLEncode(LCase(val1)))

        ' Array y will now contain bad words as Array elements.
        y = Split(Server.HTMLEncode(badwords))

        ' Nested for loop is used to check each word the user inputted against the filtered bad word list.
        ' Note: this compares whole words for equality, so "%hello" is not caught by the "%" entry.
        For i = 0 To UBound(y)
            For j = 0 To UBound(x)
                If x(j) = y(i) Then
                    booBad = 1
                    If prompt <> "" Then
                        prompt = prompt & ", " & y(i)
                    Else
                        prompt = y(i)
                    End If
                End If
            Next
        Next

        If booBad = 1 Then
            bad_filter = prompt
        Else
            bad_filter = "True"
        End If

    End Function

    You didn't include a link to the previous thread :)

    However...

    The problem is that you have:
    x = Split(Server.HTMLEncode(LCase(val1)))
    y = Split(Server.HTMLEncode(badwords))

    Split takes two parameters - the string and the delimiter. If the delimiter is not given, it assumes space.

    You are then iterating through these arrays and seeing if the words are equal to each other. If they are, they typed in a "bad word" and you handle it.

    However, "%hello" is not the same as "%", so it's passing this check.

    You could do:
    if InStr(x(j), y(i)) > 0 then
        ' y(i) is in x(j), so error
    end if

    Which would get around your problem...

    Craig.
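    As an added example (not code from either post), here is the original bad_filter rewritten with the InStr substring check Craig describes, so "%_%" and "%a%" are caught as well as a lone "%". It assumes it runs inside classic ASP, where the Server object provides HTMLEncode, and it skips the empty token that the trailing space in the original badwords string produces, since InStr would otherwise match that empty token against every word.

```vbscript
' Added example, not from the original thread: bad_filter with substring matching.
Function bad_filter(val1)
    Dim badwords, hits, x, y, i, j
    ' Same space-separated token list as the original post.
    badwords = "<body <script </script> <> < > % | _ "
    hits = ""
    ' Encode both sides the same way so "<" on the list compares against the
    ' encoded form of "<" in the input (assumes the ASP Server object is available).
    x = Split(Server.HTMLEncode(LCase(val1)))
    y = Split(Server.HTMLEncode(badwords))
    For i = 0 To UBound(y)
        ' Split on the trailing space yields an empty token; InStr(anything, "")
        ' returns 1, which would flag every input, so skip empty tokens.
        If Len(y(i)) > 0 Then
            For j = 0 To UBound(x)
                ' InStr returns the 1-based position of y(i) inside x(j), or 0 if
                ' absent, so "%hello" and "%_%" now match the "%" entry.
                If InStr(x(j), y(i)) > 0 Then
                    If hits <> "" Then hits = hits & ", "
                    hits = hits & y(i)
                    Exit For   ' report this token once, then move to the next one
                End If
            Next
        End If
    Next
    If hits <> "" Then
        bad_filter = hits      ' comma-separated list of the tokens found
    Else
        bad_filter = "True"    ' same success value the original returns
    End If
End Function
```

    Note that substring matching also rejects legitimate input such as "my_name", and a denylist like this is only a secondary check; parameterized queries remain the primary defence for anything passed to the database.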

