Z-blog: another serious cross-site scripting vulnerability

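Vulnerability description: Z-Blog is a blog (weblog) program for the ASP platform. It supports WAP and browsers such as Firefox and Opera, is very widely used in China, and has its official homepage at http://www.rainbowsoft.org/. Z-blog's code is rigorous, its front end is simple and its back end is powerful, which gives the product a considerable security advantage. However, following the previous xss vulnerability, 80sec has found another serious cross-site scripting vulnerability in the product, which, combined with some aspects of the product's design, may lead to serious consequences.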

Vendor: http://www.rainbowsoft.org/

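Vulnerability analysis: In FUNCTION/c_function.asp, the program has a flaw in the way it handles UBB tags, which allows any user to execute js code in the target page. With that code a malicious user can obtain privileges on the target site. The vulnerable code is as follows: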


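Function UBBCode(ByVal strContent,strType)

    Dim objRegExp
    Set objRegExp=new RegExp
    objRegExp.IgnoreCase =True
    objRegExp.Global=True

    ' Every pattern below is applied to the whole string in turn, so the
    ' output of one replacement is scanned again by the patterns after it.
    ' The replacement strings appear here as bare backreferences; the HTML
    ' they are wrapped in is not shown on this page.
    If ZC_UBB_LINK_ENABLE And Instr(strType,"[link]")>0 Then

        ' [URL]scheme://...[/URL]
        objRegExp.Pattern="(\[URL\])(([a-zA-Z0-9]+?):\/\/\S+?)(\[\/URL\])"
        strContent= objRegExp.Replace(strContent,"$2")

        ' [URL]anything[/URL]
        objRegExp.Pattern="(\[URL\])(.+?)(\[\/URL\])"
        strContent= objRegExp.Replace(strContent,"$2")

        ' [URL=scheme://...]label[/URL]
        objRegExp.Pattern="(\[URL=)(([a-zA-Z0-9]+?):\/\/\S+?)(\])(.+?)(\[\/URL\])"
        strContent= objRegExp.Replace(strContent,"$5")

        ' [URL=anything]label[/URL]
        objRegExp.Pattern="(\[URL=)(\S+?)(\])(\S+?)(\[\/URL\])"
        strContent= objRegExp.Replace(strContent,"$4")

        ' [EMAIL]user@host[/EMAIL]
        objRegExp.Pattern="(\[EMAIL\])(\S+\@\S+?)(\[\/EMAIL\])"
        strContent= objRegExp.Replace(strContent,"$2")

        ' [EMAIL=user@host]label[/EMAIL]
        objRegExp.Pattern="(\[EMAIL=)(\S+\@\S+?)(\])(.+?)(\[\/EMAIL\])"
        strContent= objRegExp.Replace(strContent,"$4")

    End If

    ' Excerpt: the rest of the function is not shown.
    UBBCode = strContent
End Function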

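As can be seen, the regular expressions in the program are not strict, and applying them in repeated matching passes easily produces logic problems; carefully constructed input is enough to trigger the cross-site scripting vulnerability: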


[URL][URL]http://=style=c:expression(alert())[/URL][/URL] 

The code above will execute alert() in a loop; of course, js of one's own can be executed as well.

©״̬©ǳΣգȫҪκνΪɹ 
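A hardened counterpart to the multi-pass [URL] handling analysed above, written as an added example in JavaScript; it is not Z-blog's code or a vendor patch. The function names, the http/https allowlist and the rel attribute are assumptions made for the illustration. The input is scanned once, output is never re-scanned, and every piece of user text is HTML-escaped.

```javascript
// Added example: single-pass, escape-by-default rendering of [URL] tags.
// Helper names are hypothetical and not taken from Z-blog.
const ESC = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ESC[c]);
}

// Allow only absolute http/https URLs whose host is made of hostname
// characters; the rest may not contain whitespace, quotes or brackets.
function safeHref(raw) {
  const ok = /^https?:\/\/[a-z0-9.-]+(?::\d+)?(?:[\/?#][^\s"'<>\[\]]*)?$/i;
  return ok.test(raw) ? raw : null;
}

function renderUrlTags(input) {
  // The label may not contain '[' or ']', so one tag can never wrap another
  // and generated markup is never matched a second time.
  const tag = /\[URL(?:=([^\]\s]+))?\]([^\[\]]*)\[\/URL\]/gi;
  let out = "";
  let last = 0;
  let m;
  while ((m = tag.exec(input)) !== null) {
    out += escapeHtml(input.slice(last, m.index)); // text before the tag
    const target = m[1] !== undefined ? m[1] : m[2];
    const href = safeHref(target);
    out += href
      ? `<a href="${escapeHtml(href)}" rel="nofollow noopener" target="_blank">${escapeHtml(m[2])}</a>`
      : escapeHtml(m[0]); // rejected target: show the tag as plain text
    last = tag.lastIndex;
  }
  return out + escapeHtml(input.slice(last));
}

// The input quoted in this advisory is rendered as inert text.
const advisoryInput = "[URL][URL]http://=style=c:expression(alert())[/URL][/URL]";
console.log(renderUrlTags(advisoryInput));
console.log(renderUrlTags("[URL]http://example.com/a?b=1&c=2[/URL]"));
```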
