Strip all special characters

Question

Can anyone tell me that how to strip all special characters (<>,/\'%;()&+-*) in ASP (classic)?

This is what I have but it's not working.

Function RemoveBad(strTemp)

Dim regEx
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Pattern = "[/\<|\>|\|\'|\%|\;|\(|\)|\&|\+|\-/g]"
RemoveBad = replace(strTemp,regEx.Pattern," ")

End Function

Answer 1

You can use a series of replcae statements in a function

Function RemoveBad(strTemp)  

strTemp = REPLACE( strTemp, Chr(1),  '')
strTemp = REPLACE( strTemp, Chr(2),  '')
strTemp = REPLACE( strTemp, Chr(3),  '')
strTemp = REPLACE( strTemp, Chr(4),  '')
strTemp = REPLACE( strTemp, Chr(5),  '')
strTemp = REPLACE( strTemp, Chr(6),  '')
strTemp = REPLACE( strTemp, Chr(7),  '')
strTemp = REPLACE( strTemp, Chr(8),  '')
strTemp = REPLACE( strTemp, Chr(9),  '')
strTemp = REPLACE( strTemp, Chr(10), '')
strTemp = REPLACE( strTemp, Chr(11), '')
strTemp = REPLACE( strTemp, Chr(12), '')
strTemp = REPLACE( strTemp, Chr(13), '')
strTemp = REPLACE( strTemp, Chr(14), '')
strTemp = REPLACE( strTemp, Chr(15), '')
strTemp = REPLACE( strTemp, Chr(16), '')
strTemp = REPLACE( strTemp, Chr(17), '')
strTemp = REPLACE( strTemp, Chr(18), '')
strTemp = REPLACE( strTemp, Chr(19), '')
strTemp = REPLACE( strTemp, Chr(20), '')
strTemp = REPLACE( strTemp, Chr(21), '')
strTemp = REPLACE( strTemp, Chr(22), '')
strTemp = REPLACE( strTemp, Chr(23), '')
strTemp = REPLACE( strTemp, Chr(24), '')
strTemp = REPLACE( strTemp, Chr(25), '')
strTemp = REPLACE( strTemp, Chr(26), '')
strTemp = REPLACE( strTemp, Chr(27), '')
strTemp = REPLACE( strTemp, Chr(28), '')
strTemp = REPLACE( strTemp, Chr(29), '')
strTemp = REPLACE( strTemp, Chr(30), '')
strTemp = REPLACE( strTemp, Chr(31), '')

' Add as many replace statements as you need

End Function      

Answer 2

Use the RegExp.Replace method:

RemoveBad = regEx.Replace(strTemp, "")

Answer 3

To prevent XSS, all you need is this;

function RemoveBad(strTemp)
    RemoveBad = server.htmlencode(strTemp) 
end function