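/**
 * Entity-encode a fixed set of characters that are typically used to break
 * out of an HTML text/attribute context: < > ' " ( ) ` and the `script:`
 * prefix.
 *
 * Every character is matched in three spellings — the raw character (written
 * as a \uXXXX regex escape), its single percent-encoding (%XX) and its double
 * percent-encoding (%25XX) — and each spelling is rewritten to the matching
 * layer of the HTML entity `&#xXX;` (raw, once-encoded, twice-encoded), so the
 * output stays in the same encoding layer as the input. `script :` with
 * whitespace before the colon is rewritten as well.
 *
 * Caveats before relying on this helper:
 *  - `&` is not encoded, so entities already present in the input pass
 *    through untouched.
 *  - The output is HTML-entity text. HTML entities are not a URL encoding, so
 *    running a URL through this helper mangles the listed characters rather
 *    than sanitizing the URL; scheme validation (see urlReg) is what keeps
 *    `javascript:` out of a redirect target.
 *  - Prefer a context-specific encoder (textContent, attribute encoding,
 *    encodeURIComponent) in new code; this helper is kept for compatibility.
 *
 * @param {string} oriStr - input text; falsy values are returned unchanged
 * @returns {string} the input with the listed characters entity-encoded
 */
var filterXSS = (function () {
    // Hex ASCII codes of the characters to encode: < > ' " ( ) `
    // The last entry wraps the colon in a literal "script" prefix so only
    // "script:" is rewritten, not every colon.
    var CHAR_CODES = ['3c', '3e', '27', '22', '28', '29', '60', { format: 'script{}', chr: '3a' }];

    // Build the (pattern, replacement) table once instead of on every call.
    var rules = [];
    for (var i = 0; i < CHAR_CODES.length; i++) {
        var entry = CHAR_CODES[i];
        var format = typeof entry === 'string' ? '{}' : entry.format;
        var hex = typeof entry === 'string' ? entry : entry.chr;
        var spellings = [
            ['\\u00' + hex, '&#x' + hex + ';'],              // raw character
            ['%' + hex, '%26%23x' + hex + '%3B'],            // percent-encoded once
            ['%25' + hex, '%2526%2523x' + hex + '%253B']     // percent-encoded twice
        ];
        for (var j = 0; j < spellings.length; j++) {
            rules.push({
                pattern: new RegExp(format.replace('{}', spellings[j][0]), 'gi'),
                replacement: format.replace('{}', spellings[j][1])
            });
        }
    }

    // "script :" with tab/newline/CR/space between the word and the colon.
    // Global + case-insensitive so every occurrence is rewritten, consistent
    // with the table above (a single, case-sensitive match would leave
    // "SCRIPT :" and any second occurrence untouched).
    var SCRIPT_WS_COLON = /script[\u0009\u000a\u000d\u0020]+:/gi;

    // String.prototype.replace resets lastIndex on /g patterns, so reusing the
    // compiled regexes across calls is safe.
    return function (oriStr) {
        if (!oriStr) {
            return oriStr;
        }
        var out = oriStr;
        for (var k = 0; k < rules.length; k++) {
            out = out.replace(rules[k].pattern, rules[k].replacement);
        }
        return out.replace(SCRIPT_WS_COLON, 'script&#x3a;');
    };
})();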
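/**
 * Read a single query-string parameter from window.location.search.
 *
 * The parameter is matched as a whole `&`-delimited `name=value` pair (so a
 * lookup for `url` does not hit `s_url`), case-insensitively, and the value
 * is percent-decoded. `+` is not translated to a space — decodeURIComponent
 * does not do that — so form-encoded values keep their literal `+`.
 *
 * @param {string} name - parameter name; regex metacharacters in it are
 *   escaped so the name is always matched literally
 * @returns {string} the decoded value, or '' when the parameter is absent or
 *   its value is not valid percent-encoding (decodeURIComponent throws a
 *   URIError on input such as `%E0%A4%A`; that is treated like "absent"
 *   instead of letting the exception abort the rest of the script)
 */
function getUrlVar(name) {
    var literalName = String(name).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
    var reg = new RegExp("(^|&)" + literalName + "=([^&]*)(&|$)", "i");
    var r = window.location.search.slice(1).match(reg);
    if (r === null) {
        return '';
    }
    try {
        return decodeURIComponent(r[2]);
    } catch (e) {
        // Malformed percent-encoding: report it the same way as "not present".
        return '';
    }
}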
var urlReg=new RegExp("^((http|ftp|https):\\/\\/[\\w\\-_]+(\\.[\\w\\-_]+)+([\\w\\-\\.,@?^=%&amp;:/~\\+#]*[\\w\-\\@?^=%&amp;/~\\+#])?)$",'i');
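// Redirect to the URL given in ?s_url=... when it looks like an absolute
// http/https/ftp URL (urlReg). The scheme check is the only thing keeping
// javascript:/data: targets out; filterXSS is applied for compatibility but
// cannot make a URL safe on its own (its output is HTML-entity text).
//
// NOTE(review): this is an open redirect — any host that satisfies urlReg is
// accepted. If only certain destinations are intended, compare the parsed
// hostname (e.g. new URL(s_url).hostname) against an allow-list rather than
// extending urlReg: urlReg admits `@` after the host, so a string like
// http://trusted.example@evil.example/ still matches.
var s_url = getUrlVar("s_url");
if (s_url && urlReg.test(s_url)) {
    document.location.href = filterXSS(s_url);
}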