[Sample of Apr 23rd] How to filter indecent words in ASP.NET website
 |  | |
 |  | |
Sample Downloads:
C# version: https://code.msdn.microsoft.com/ASPNETSensorKeywordInSite-2770d86a
VB version: https://code.msdn.microsoft.com/ASPNETSensorKeywordInSite-6c2ed899
Today’s code sample demonstrates how to censor key words in website. Customers usually want to filter some indecent words in their website. In this sample, we use a word blacklist dictionary to store the indecent words. And we can check the users' input or search results with the blacklist, and replace the key word with specific char, such as "*".
The sample was written by our star developer: Arwind Gao.
You can find more code samples that demonstrate the most typical programming scenarios by using Microsoft All-In-One Code Framework Sample Browser or Sample Browser Visual Studio extension. They give you the flexibility to search samples, download samples on demand, manage the downloaded samples in a centralized place, and automatically be notified about sample updates. If it is the first time that you hear about Microsoft All-In-One Code Framework, please watch the introduction video on Microsoft Showcase, or read the introduction on our homepage https://1code.codeplex.com/.
Introduction
The sample demonstrates how to censor key words in website. Customers usually want to filter some indecent words in their website. In this sample, we use a word blacklist dictionary to store the indecent words. And we can check the users' input or search results with the blacklist, and replace the key word with specific char, such as "*".
Running the Sample
Please follow these demonstration steps below.
Step 1: Open the CSASPNETCensorKeywordInSite.sln.
Step 2: Right-click the KeyBlackManage.aspx page then select "View in Browser". You can add some indecent words which you want to censor.
Step 3: Right-click the Default.aspx page then select "View in Browser". Type some content then click the button to test.
Step 4: Validation finished.
Using the Code
Step1. Create a C# "ASP.NET Web Application" in Visual Studio 2010/Visual Web Developer. Name it as "CSASPNETCensorKeywordInSite".
Step2. If you have installed SQL server 2008 r2 express on your computer, you can directly use the sample database under the App_Data. If not, add a SQL Server Database in the App_Data folder and name it as ��Sample��. The definition of the table ��WordBlack�� as show below:
[Id] [int] IDENTITY(1,1) NOT NULL,[Name] [nchar](10)
You can insert the following test data or add new data:
INSERT [dbo].[WordBlack] ([Id], [Name]) VALUES (1, N'tmd')
INSERT [dbo].[WordBlack] ([Id], [Name]) VALUES (2, N'***')
INSERT [dbo].[WordBlack] ([Id], [Name]) VALUES (3, N'test')
Step3. Add a “Web Service”. This Web Service is used to get the blacklist.
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.
[System.Web.Script.Services.ScriptService()]
[System.Web.Services.WebService(Namespace = "https://tempuri.org/")]
[System.Web.Services.WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[ToolboxItem(false)]
public class WebService1 : System.Web.Services.WebService
{
//Sql Connection
private static SqlConnection conn = new SqlConnection("Data Source=.\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\Sample.mdf;Integrated Security=True;User Instance=True");
[WebMethod()]
public string LoadScript()
{
// Add your operation implementation here
string input = "";
//Query string
string queryString = "SELECT [Name] FROM [WordBlack]";
//set query string
SqlCommand command = new SqlCommand(queryString, conn);
//Open connection
conn.Open();
SqlDataReader reader = command.ExecuteReader();
if (reader.HasRows)
{
while (reader.Read())
{
input += "|" + (reader["Name"] as string).Trim();
}
input = input.Substring(1);
}
reader.Close();
//Close connection
conn.Close();
return input;
}
}
Step4. Add two pages then rename to Default.aspx and KeyBlackManage.aspx, the KeyBlackManage page is used to manage the blacklist. The Default.aspx is used to test. A button is for the client-side input validation, the other button is for the server output validation.
The main code of the client-side input validation as shown below:
<asp:ScriptManager ID="ScriptManager1" runat="server" EnablePageMethods="true">
<Services>
<asp:ServiceReference Path="~/WebService1.asmx" />
</Services>
</asp:ScriptManager>
<asp:TextBox ID="tbText" runat="server" Height="151px" TextMode="MultiLine" Width="475px"></asp:TextBox>
<asp:Button ID="btnClientCheck" runat="server" Text="ClientCheck" OnClientClick="javascript:LoadAndExecuteDynamicJS();" />
<asp:Button ID="btnEnter" runat="server" Text="ServerCheckAndOutPut" OnClick="btnEnter_Click" />
Output:
<asp:Literal ID="ltrMsg" runat="server"></asp:Literal>
<script type="text/javascript" language="javascript">function LoadAndExecuteDynamicJS() {
var wsp = CSASPNETCensorKeywordInSite.WebService1;
wsp.LoadScript(CallBackFunction);
}
function CallBackFunction(result) {
var strText = "" + document.getElementById('tbText').value;
strText = strText.replace(/(\s)*/gi, ""); //Remove space
strText = strText.toLowerCase();
var strs = new Array();
strs = result.toLowerCase().split("|");
var msg = "";
try {
for (i = 0; i < strs.length; i++) {
if (strText.indexOf(strs[i]) > -1) {
msg = msg + "," + strs[i];
}
}
if (msg.length > 0) {
alert("Your input has the following illegal characters:" + msg.substring(1,msg.length));
}
}
catch (e) {
alert(e);
}
}
</script>
The main code of the server output validation as shown below:
protected void btnEnter_Click(object sender, EventArgs e)
{
string str = tbText.Text;
str = str.Trim(); //Remove the spaces and format symbols in the data
string str1 = str.Replace(" ", "");
bool isBool = ValidByReg(str1);
if (isBool)
{
ltrMsg.Text = str;
}
else
{
ltrMsg.Text = ReplacDirty(str);
}
}
//The list of KeyBlack such as:dirtyStr1|dirtyStr2|dirtyStr3
public static string dirtyStr = "";
public string ReplacDirty(string str)
{
dirtyStr = ReadDic();
try
{
str = Regex.Replace(str, @"" + dirtyStr + "", @"xxxxx");
}
catch (ArgumentException ex)
{
// Syntax error in the regular expression
}
return str;
}
private string ReadDic()
{
String input = "";
//Query string
string queryString = "SELECT [Name] FROM [WordBlack]";
//set query string
SqlCommand command = new SqlCommand(queryString, conn);
//Open connection
conn.Open();
SqlDataReader reader = command.ExecuteReader();
if (reader.HasRows)
{
while (reader.Read())
{
input += "|" + (reader["Name"] as string).Trim();
}
input = input.Substring(1);
}
reader.Close();
//Close connection
conn.Close();
return input;
}
public bool ValidByReg(string str)
{
dirtyStr = ReadDic();
//Regular expression used to detect dirty dictionary
Regex validateReg = new Regex("^((?!" + dirtyStr + ").(?<!" + dirtyStr + "))*$", RegexOptions.Compiled | RegexOptions.ExplicitCapture);
return validateReg.IsMatch(str);
}
The main code of KeyBlackManage page as shown below:
/// <summary>
/// Bind datatable to GridView
/// </summary>
private void BindGrid()
{
//Query string
string queryString = "SELECT [Id], [Name] FROM [WordBlack]";
SqlDataAdapter adapter = new SqlDataAdapter();
//set query string
adapter.SelectCommand = new SqlCommand(queryString, connection);
//Open connection
connection.Open();
//Sql data is stored DataSet.
DataSet sqlData = new DataSet();
adapter.Fill(sqlData, "WordBlack");
//Close connection
connection.Close();
//Bind datatable to GridView
gdvKeyword.DataSource = sqlData.Tables[0];
gdvKeyword.DataBind();
}
//database operation
protected void btnAdd_Click(object sender, EventArgs e)
{
if (IsValid)
{
string queryString = "Insert into [WordBlack](Name)values(@Keyword)";
SqlParameter para = new SqlParameter("Keyword", tbKey.Text.Trim());
SqlCommand command = new SqlCommand(queryString, connection);
command.Parameters.Add(para);
connection.Open();
command.ExecuteNonQuery();
connection.Close();
BindGrid();
}
}