鸿 网 互 联 www.68idc.cn

过滤所见所得编辑器里的危险脚本三

来源:互联网 作者:佚名 时间:2013-04-25 12:05

过滤所见所得编辑器里的危险脚本

<textarea id="bug" cols="80" rows="5">
<a style="color:epression(
'red'
)">test</a>
</textarea>
<button id="kick">抓虫4</button>
<script>
function kickBug(str) {
  return str.replace(/epression\((.|\n)*\);?/ig,"");
}
HTMLElement.prototype.__defineGetter__("innerText",function(){
 return this.textContent;
});
HTMLElement.prototype.__defineSetter__("innerText",function(text){
 this.textContent = text;
});
document.getElementById("kick").onclick = function() {
  var bug = document.getElementById("bug");
  bug.innerText = kickBug(bug.innerText);
}
</script>

<textarea id="bug" cols="80" rows="5">
<iFrame
 onload
   ='test'
></iframe>
</textarea>
<button id="kick">抓虫5</button>
<script>
function kickBug(str) {
  return str.replace(/<iframe(.|\n)*\/iframe>\s*/ig,"");
}
HTMLElement.prototype.__defineGetter__("innerText",function(){
 return this.textContent;
});
HTMLElement.prototype.__defineSetter__("innerText",function(text){
 this.textContent = text;
});
document.getElementById("kick").onclick = function() {
  var bug = document.getElementById("bug");
  bug.innerText = kickBug(bug.innerText);
}
</script>

网友评论
<