function html_encoder(str) {
if(str == null || str.length == 0)
return "";
var retstr = "";
for(var a=0; a<str.length; a++) {
var ch = str.charAt(a);
var code = str.charCodeAt(a);
switch(code) {
case 8220:
case 8221:
case 8222:
case 34: ch = '"'; break;
case 38: ch = '&'; break;
case 8216:
case 8217:
case 8218:
case 39: ch = '’'; break;
case 47: ch = '⁄'; break;
case 60: ch = '<'; break;
case 62: ch = '>'; break;
case 161: ch = '¡'; break;
case 162: ch = '¢'; break;
case 163: ch = '£'; break;
case 165: ch = '¥'; break;
case 166: ch = '¦'; break;
case 167: ch = '§'; break;
case 168: ch = '¨'; break;
case 169: ch = '©'; break;
case 170: ch = 'ª'; break;
case 171: ch = '«'; break;
case 172: ch = '¬'; break;
case 173: ch = '­'; break;
case 174: ch = '®'; break;
case 175: ch = '¯'; break;
case 176: ch = '°'; break;
case 177: ch = '±'; break;
case 178: ch = '²'; break;
case 179: ch = '³'; break;
case 180: ch = '´'; break;
case 181: ch = 'µ'; break;
case 182: ch = '¶'; break;
case 183: ch = '·'; break;
case 184: ch = '¸'; break;
case 185: ch = '¹'; break;
case 186: ch = 'º'; break;
case 187: ch = '»'; break;
case 188: ch = '¼'; break;
case 189: ch = '½'; break;
case 190: ch = '¾'; break;
case 191: ch = '¿'; break;
case 192: ch = 'À'; break;
case 193: ch = 'Á'; break;
case 194: ch = 'Â'; break;
case 195: ch = 'Ã'; break;
case 196: ch = 'Ä'; break;
case 197: ch = 'Å'; break;
case 198: ch = 'Æ'; break;
case 199: ch = 'Ç'; break;
case 200: ch = 'È'; break;
case 201: ch = 'É'; break;
case 202: ch = 'Ê'; break;
case 203: ch = 'Ë'; break;
case 204: ch = 'Ì'; break;
case 205: ch = 'Í'; break;
case 206: ch = 'Î'; break;
case 207: ch = 'Ï'; break;
case 208: ch = 'Ð'; break;
case 209: ch = 'Ñ'; break;
case 210: ch = 'Ò'; break;
case 211: ch = 'Ó'; break;
case 212: ch = 'Ô'; break;
case 213: ch = 'Õ'; break;
case 214: ch = 'Ö'; break;
case 215: ch = '×'; break;
case 216: ch = 'Ø'; break;
case 217: ch = 'Ù'; break;
case 218: ch = 'Ú'; break;
case 219: ch = 'Û'; break;
case 220: ch = 'Ü'; break;
case 221: ch = 'Ý'; break;
case 222: ch = 'Þ'; break;
case 223: ch = 'ß'; break;
case 224: ch = 'à'; break;
case 225: ch = 'á'; break;
case 226: ch = 'â'; break;
case 227: ch = 'ã'; break;
case 228: ch = 'ä'; break;
case 229: ch = 'å'; break;
case 230: ch = 'æ'; break;
case 231: ch = 'ç'; break;
case 232: ch = 'è'; break;
case 233: ch = 'é'; break;
case 234: ch = 'ê'; break;
case 235: ch = 'ë'; break;
case 236: ch = 'ì'; break;
case 237: ch = 'í'; break;
case 238: ch = 'î'; break;
case 239: ch = 'ï'; break;
case 240: ch = 'ð'; break;
case 241: ch = 'ñ'; break;
case 242: ch = 'ò'; break;
case 243: ch = 'ó'; break;
case 244: ch = 'ô'; break;
case 245: ch = 'õ'; break;
case 246: ch = 'ö'; break;
case 247: ch = '÷'; break;
case 248: ch = 'ø'; break;
case 249: ch = 'ù'; break;
case 250: ch = 'ú'; break;
case 251: ch = 'û'; break;
case 252: ch = 'ü'; break;
case 253: ch = 'ý'; break;
case 254: ch = 'þ'; break;
case 255: ch = 'ÿ'; break;
default: break;
}
retstr += ch;
}
return retstr;
}
more on xss attack : http://www.ibm.com/developerworks/web/library/wa-secxss/
0 comments:
Post a Comment