
两个java版本的XSS防范类

Neeaos Security Blog

PS:公司代码审核,发现还是N多XSS攻击,搜了一下,找了两个,先放这里吧!随后调试下看看。

//
// AntiXSS for Java
//http://www.gdssecurity.com/l/b/2007/12/29/antixss-for-java/
// This is a port of the Microsoft AntiXSS library v1.5 for Java.
//
// This should be compatible with JVMs implementing the Java 5 or greater standards (Java 1.5 or greater)
//
// Created by Justin Clarke on 18/11/2007.
// Copyright (c) 2007 Gotham Digital Science. All rights reserved.
//
package com.gdssecurity.utils;

import java.lang.String;
import java.lang.StringBuilder;
import java.text.StringCharacterIterator;
import java.text.CharacterIterator;

public class AntiXSS {

  // Private variables (none is final; they could be, since no visible method assigns them)
  // Returned by EncodeJs for empty input. NOTE(review): the literal below looks
  // garbled by extraction -- the JS encoder wraps its output in single quotes, so the
  // empty result is presumably the two-character literal '' ; confirm against upstream.
  private static String EmptyString_JavaScript = "";
  // Returned by EncodeVbs for empty input. NOTE(review): two adjacent string literals
  // do not compile as written; presumably an escaped pair of double quotes -- confirm.
  private static String EmptyString_VBS = """";
  // Returned by EncodeHtml, EncodeHtmlAttribute and EncodeUrl for empty input.
  private static String EmptyString = "";
  // NOTE(review): strb and sci are not referenced by any method visible in this file
  // section; as shared static mutable state they would also not be thread-safe if
  // used -- consider removing them.
  private static StringBuffer strb;
  private static StringCharacterIterator sci;

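  /**
   * Encodes untrusted text for insertion into HTML element content.
   *
   * <p>Whitelist encoder (port of Microsoft AntiXSS v1.5): only {@code a-z},
   * {@code A-Z}, {@code 0-9}, space and the punctuation {@code . , - _} pass through
   * unchanged; every other character, including {@code < > & " ' /} and control
   * characters, is emitted as a decimal numeric character reference
   * ({@code &#NNN;}), so no input can open a tag, attribute or entity.
   *
   * <p>The loop advances by Unicode code point rather than by UTF-16 code unit, so a
   * supplementary character (outside the BMP) becomes one valid reference instead of
   * two lone-surrogate references, which HTML parsers treat as a parse error.
   *
   * @param strInput the text to encode; {@code null} is treated like the empty string
   * @return the encoded text, or {@code EmptyString} for null or empty input
   */
  private static String EncodeHtml(String strInput) {
    if (strInput == null || strInput.length() == 0) {
      return EmptyString;
    }
    StringBuilder builder = new StringBuilder(strInput.length() * 2);
    int i = 0;
    while (i < strInput.length()) {
      int cp = strInput.codePointAt(i);
      i += Character.charCount(cp);
      boolean safe = (cp >= 'a' && cp <= 'z')
          || (cp >= 'A' && cp <= 'Z')
          || (cp >= '0' && cp <= '9')
          || cp == ' ' || cp == '.' || cp == ',' || cp == '-' || cp == '_';
      if (safe) {
        // Every whitelisted code point is ASCII, so the narrowing cast is lossless.
        builder.append((char) cp);
      } else {
        // StringBuilder.append(int) writes the code point in base 10, giving &#NNN;
        builder.append("&#").append(cp).append(';');
      }
    }
    return builder.toString();
  }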

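  /**
   * Encodes untrusted text for insertion into an HTML attribute value.
   *
   * <p>Whitelist encoder (port of Microsoft AntiXSS v1.5): only {@code a-z},
   * {@code A-Z}, {@code 0-9} and the punctuation {@code . , - _} pass through; every
   * other character is emitted as a decimal numeric character reference
   * ({@code &#NNN;}). Unlike {@link #EncodeHtml}, space is not whitelisted: an
   * unquoted attribute value ends at the first whitespace, so a literal space would
   * let injected text escape the value and start a new attribute.
   *
   * <p>The loop advances by Unicode code point rather than by UTF-16 code unit, so a
   * supplementary character becomes one valid reference instead of two lone-surrogate
   * references, which HTML parsers treat as a parse error.
   *
   * @param strInput the text to encode; {@code null} is treated like the empty string
   * @return the encoded text, or {@code EmptyString} for null or empty input
   */
  private static String EncodeHtmlAttribute(String strInput) {
    if (strInput == null || strInput.length() == 0) {
      return EmptyString;
    }
    StringBuilder builder = new StringBuilder(strInput.length() * 2);
    int i = 0;
    while (i < strInput.length()) {
      int cp = strInput.codePointAt(i);
      i += Character.charCount(cp);
      boolean safe = (cp >= 'a' && cp <= 'z')
          || (cp >= 'A' && cp <= 'Z')
          || (cp >= '0' && cp <= '9')
          || cp == '.' || cp == ',' || cp == '-' || cp == '_';
      if (safe) {
        // Every whitelisted code point is ASCII, so the narrowing cast is lossless.
        builder.append((char) cp);
      } else {
        // StringBuilder.append(int) writes the code point in base 10, giving &#NNN;
        builder.append("&#").append(cp).append(';');
      }
    }
    return builder.toString();
  }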

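  /**
   * Encodes untrusted text as a complete, single-quoted JavaScript string literal.
   *
   * <p>Whitelist encoder (port of Microsoft AntiXSS v1.5): {@code a-z}, {@code A-Z},
   * {@code 0-9}, space and {@code . , - _} pass through; any other character below
   * U+0080 is written as a backslash-x escape with two hex digits, and anything from
   * U+0080 upward as a backslash-u escape with four hex digits. Quotes, backslashes,
   * line terminators and the characters of a closing script tag are therefore never
   * emitted literally and cannot end the string or the enclosing script block.
   *
   * <p>The returned value already includes the surrounding single quotes, so callers
   * must not add their own. Encoding is per UTF-16 code unit, which is what JavaScript
   * string literals expect, so a surrogate pair becomes two backslash-u escapes.
   *
   * <p>{@code TwoByteHex} and {@code SingleByteHex} are defined elsewhere in this
   * class; they are assumed to return four and two hex digits respectively -- confirm.
   *
   * @param strInput the text to encode; {@code null} is treated like the empty string
   * @return the quoted, escaped literal; two single-quote characters (an empty JS
   *     string literal) for null or empty input
   */
  private static String EncodeJs(String strInput) {
    if (strInput == null || strInput.length() == 0) {
      // An empty JS string literal, consistent with the quoted output below.
      return "''";
    }
    StringBuilder builder = new StringBuilder(strInput.length() * 2 + 2);
    builder.append('\'');
    CharacterIterator it = new StringCharacterIterator(strInput);
    for (char ch = it.first(); ch != CharacterIterator.DONE; ch = it.next()) {
      boolean safe = (ch >= 'a' && ch <= 'z')
          || (ch >= 'A' && ch <= 'Z')
          || (ch >= '0' && ch <= '9')
          || ch == ' ' || ch == '.' || ch == ',' || ch == '-' || ch == '_';
      if (safe) {
        builder.append(ch);
      } else if (ch > '\u007f') {
        // Non-ASCII: four-digit escape, one per UTF-16 code unit.
        builder.append("\\u").append(TwoByteHex(ch));
      } else {
        // ASCII punctuation and control characters: two-digit escape.
        builder.append("\\x").append(SingleByteHex(ch));
      }
    }
    builder.append('\'');
    return builder.toString();
  }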

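  /**
   * Encodes untrusted text for use inside a URL path segment or query value.
   *
   * <p>Whitelist encoder (port of Microsoft AntiXSS v1.5): {@code a-z}, {@code A-Z},
   * {@code 0-9} and {@code . - _} pass through; any other character below U+0080 is
   * percent-encoded as {@code %HH}, so reserved delimiters such as {@code & = ? # /}
   * cannot alter the URL structure.
   *
   * <p>Characters from U+0080 upward are written in the legacy Microsoft form
   * {@code %uHHHH}, one escape per UTF-16 code unit. This is not RFC 3986
   * percent-encoding and is not decoded by every server or browser; where
   * interoperability matters, percent-encode the UTF-8 bytes instead.
   *
   * <p>{@code TwoByteHex} and {@code SingleByteHex} are defined elsewhere in this
   * class; they are assumed to return four and two hex digits respectively -- confirm.
   *
   * @param strInput the text to encode; {@code null} is treated like the empty string
   * @return the encoded text, or {@code EmptyString} for null or empty input
   */
  private static String EncodeUrl(String strInput) {
    if (strInput == null || strInput.length() == 0) {
      return EmptyString;
    }
    StringBuilder builder = new StringBuilder(strInput.length() * 2);
    CharacterIterator it = new StringCharacterIterator(strInput);
    for (char ch = it.first(); ch != CharacterIterator.DONE; ch = it.next()) {
      boolean safe = (ch >= 'a' && ch <= 'z')
          || (ch >= 'A' && ch <= 'Z')
          || (ch >= '0' && ch <= '9')
          || ch == '.' || ch == '-' || ch == '_';
      if (safe) {
        builder.append(ch);
      } else if (ch > '\u007f') {
        // Legacy %uHHHH form for non-ASCII; see the class-level caveat above.
        builder.append("%u").append(TwoByteHex(ch));
      } else {
        builder.append('%').append(SingleByteHex(ch));
      }
    }
    return builder.toString();
  }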

  private static String EncodeVbs(String strInput) {
    if (strInput.length() == 0) {
      return EmptyString_VBS;
    }
    StringBuilder builder = new StringBuilder(strInput.length() * 2);
    boolean flag = false;
    CharacterIterator it = new StringCharacterIterator(strInput);
    for (char ch = it.first(); ch != CharacterIterator.DONE; ch = it.next()) {
      if ((((ch > `) && (ch < {)) || ((ch > @) && (ch < [)))
          || (((ch == ) || ((ch > /) && (ch < :))) || (((ch == .) || (ch == ,)) || ((ch == -) || (ch == _))))) {
        if (!flag) {
          builder.append("&"");
          flag = true;
        }
        builder.append(ch);
      } else {
        if (flag) {
          builder.append(""");
          flag = false;
        }
        builder.append("&chrw(" + (long) ch + ")");
      }
    }
    if ((builder.length() > 0) && (builder.charAt(0) == &)) {
      builder.delete(0, 1);
    }
    if (builder.length() == 0) {
      builder.insert(0, """");
    }
    if (flag) {
      builder.append(""");
    }
    return builder.toStr
