js过滤字符串

js过滤字符串

function removeXss(str) {
    str = str.replace(/<\/?[^>]*>/g, '');
    var keyWordArr = ['alert', 'function', 'href', 'javascript', 'onabort', 'onblur', 'onchange', 'onclick', 'ondblclick', 'onerror', 'onfocus',
        'onkeydown', 'onkeypress', 'onkeyup', 'onload', 'onmousedown', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onreset',
        'onresize', 'onselect', 'onsubmit', 'onunload', 'script', 'break', 'window', 'open', 'close', 'status', 'confirm', 'prompt', 'document', 'action',
        'background', 'codebase', 'dynsrc', 'lowsrc', 'cookie', 'var', 'date', 'math', 'new', 'this', 'focus'];
    for (var i in keyWordArr) {
        var reg = new RegExp(keyWordArr[i], 'ig');
        str = str.replace(reg, '');
    }
    return str;
}

你可能感兴趣的:(JavaScript,jQuery,javascript,jquery)