xss过滤

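    /**
     * Context-aware escaper for untrusted text.
     *
     * Reconstruction note: the listing this was taken from lost its backslash
     * escapes in extraction (regex literals broken across lines, ranges such as
     * "x00-x09" without "\"), so the regexes below restore the evident intent:
     * \x00-\x09, \x0b-\x0c, \x1f, \x80-\xff, \r, \n, "\\" + r, and so on.
     *
     * @param {*} str  value to escape; null/undefined/""/false yield "", the
     *                 number 0 yields "0"; any other value is coerced with String()
     * @param {string} [type]  output context:
     *   "none"    - String coercion only, no escaping (transitional)
     *   "html"    - HTML text node: numeric entities, newlines become <br />
     *   "htmlEp"  - HTML attribute value: numeric entities, no <br />
     *   "url"     - URL component via escape(), "+" forced to %2B
     *   "miniUrl" - only "%" is encoded
     *   "script"  - contents of a JS string literal (incl. inline <script>)
     *   "reg"     - literal text to be passed to the RegExp constructor
     *   anything else - escape() followed by the "html" encoding
     * @returns {string}
     */
    function $xss(str, type) {
        // Empty filter: falsy input collapses to "" except the number 0.
        if (!str) {
            return str === 0 ? "0" : "";
        }

        // Truthy non-strings (numbers, objects) would throw on .replace().
        const s = String(str);

        // One character -> decimal numeric character reference.
        const toEntity = (r) => "&#" + r.charCodeAt(0) + ";";

        // HTML text-node encoding shared by "html" and the default branch.
        // \n and \r are deliberately NOT in the class so the <br /> step can see them;
        // the control-char set (\x00-\x09, \x0b-\x0c, \x1f) is kept as in the listing.
        const encodeHtmlText = (input) =>
            input
                .replace(/[&'"<>\/\\\-\x00-\x09\x0b-\x0c\x1f\x80-\xff]/g, toEntity)
                // The page renders this replacement as a bare space; reconstructed as
                // &nbsp; (an HTML entity lost to rendering) - confirm against upstream.
                .replace(/ /g, "&nbsp;")
                .replace(/\r\n/g, "<br />")
                .replace(/\r/g, "<br />")
                .replace(/\n/g, "<br />");

        switch (type) {
            case "none": // transitional: no escaping at all
                return s;

            case "html": // text node inside an HTML element
                return encodeHtmlText(s);

            case "htmlEp": // DOM node attribute value
                return s.replace(/[&'"<>\/\\\-\x00-\x1f\x80-\xff]/g, toEntity);

            case "url":
                // escape() is deprecated but kept for output compatibility: it leaves
                // "@*_+-./" unencoded (hence the explicit "+" fix-up) and emits %uXXXX
                // for non-ASCII, where encodeURIComponent would differ.
                return escape(s).replace(/\+/g, "%2B");

            case "miniUrl":
                return s.replace(/%/g, "%25");

            case "script":
                return s
                    // Backslash is escaped together with the quotes in ONE pass: without it
                    // the input \" became \\" on output, which closes the string literal.
                    .replace(/[\\"']/g, (r) => "\\" + r)
                    .replace(/%/g, "\\x25")
                    .replace(/\n/g, "\\n")
                    .replace(/\r/g, "\\r")
                    .replace(/\x01/g, "\\x01")
                    // "</script>" inside a string literal still terminates an inline script;
                    // \x3c / \x3e decode to the same characters, so the JS value is unchanged.
                    .replace(/</g, "\\x3c")
                    .replace(/>/g, "\\x3e")
                    // U+2028 / U+2029 are JS line terminators not covered by \n / \r.
                    .replace(/\u2028/g, "\\u2028")
                    .replace(/\u2029/g, "\\u2029");

            case "reg":
                // Full ECMAScript syntax-character set: "|" and "\" were missing from the
                // original class, and the listing's "[]]" cannot have matched "[" or "]".
                return s.replace(/[\\^$*+?{}.()|[\]]/g, (a) => "\\" + a);

            default:
                return encodeHtmlText(escape(s));
        }
    }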
原文地址:https://www.cnblogs.com/violinxliu/p/4239213.html