Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.

8 месяцев назад
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677
  1. <%
  2. '=======================================================================================================================
  3. ' HTML SECURITY HELPER
  4. '=======================================================================================================================
  5. Class HTML_Security_Helper_Class
  6. '---------------------------------------------------------------------------------------------------------------------
  7. 'Uses Scriptlet.TypeLib to generate a GUID. There may be a better/faster way than this to generate a nonce.
  8. Public Function Nonce()
  9. dim TL : set TL = CreateObject("Scriptlet.TypeLib")
  10. Nonce = Left(CStr(TL.Guid), 38) 'avoids issue w/ strings appended after this token not being displayed on screen, MSFT bug
  11. set TL = Nothing
  12. End Function
  13. '---------------------------------------------------------------------------------------------------------------------
  14. 'Name is probably the combined ControllerName and ActionName of the form generator by convention
  15. Public Sub SetAntiCSRFToken(name)
  16. Session(name & ".anti_csrf_token") = Nonce()
  17. End Sub
  18. '---------------------------------------------------------------------------------------------------------------------
  19. 'Returns the CSRF token nonce from the session corresponding to the passed name
  20. Public Function GetAntiCSRFToken(name)
  21. dim token : token = Session(name & ".anti_csrf_token")
  22. If Len(token) = 0 then
  23. SetAntiCSRFToken name
  24. End If
  25. GetAntiCSRFToken = token
  26. End Function
  27. '---------------------------------------------------------------------------------------------------------------------
  28. 'Removes the current CSRF token nonce for the passed name
  29. Public Sub ClearAntiCSRFToken(name)
  30. Session.Contents.Remove(name & ".anti_csrf_token")
  31. End Sub
  32. '---------------------------------------------------------------------------------------------------------------------
  33. 'Returns true if passed nonce matches the stored CSRF token nonce for the specified name, false if not
  34. Public Function IsValidAntiCSRFToken(name, nonce)
  35. IsValidAntiCSRFToken = (GetAntiCSRFToken(name) = nonce)
  36. End Function
  37. '---------------------------------------------------------------------------------------------------------------------
  38. 'If an invalid CSRF nonce is passed, sets the flash and redirects using the appropriate MVC.Redirect* method.
  39. 'If a valid CSRF nonce is passed, clears it from the cache to reset the state to the beginning.
  40. Public Sub OnInvalidAntiCSRFTokenRedirectToAction(token_name, token, action_name)
  41. OnInvalidAntiCSRFTokenRedirectToExt token_name, token, MVC.ControllerName, action_name, empty
  42. End Sub
  43. Public Sub OnInvalidAntiCSRFTokenRedirectToActionExt(token_name, token, action_name, params)
  44. OnInvalidAntiCSRFTokenRedirectToExt token_name, token, MVC.ControllerName, action_name, params
  45. End Sub
  46. Public Sub OnInvalidAntiCSRFTokenRedirectTo(token_name, token, controller_name, action_name)
  47. OnInvalidAntiCSRFTokenRedirectToExt token_name, token, controller_name, action_name
  48. End Sub
  49. Public Sub OnInvalidAntiCSRFTokenRedirectToExt(token_name, token, controller_name, action_name, params)
  50. If IsValidAntiCSRFToken(token_name, token) then
  51. ClearAntiCSRFToken token_name
  52. Else
  53. ClearAntiCSRFToken token_name
  54. Flash.AddError "Invalid form state. Please try again."
  55. MVC.RedirectToExt controller_name, action_name, params
  56. End If
  57. End Sub
  58. End Class
  59. dim HTML_Security_Helper__Singleton
  60. Function HTMLSecurity()
  61. If IsEmpty(HTML_Security_Helper__Singleton) Then
  62. set HTML_Security_Helper__Singleton = new HTML_Security_Helper_Class
  63. End If
  64. set HTMLSecurity = HTML_Security_Helper__Singleton
  65. End Function
  66. %>

Powered by TurnKey Linux.