JAVAWEB项⽬处理XSS漏洞攻击处理⽅案对页⾯传⼊的参数值进⾏过滤,过滤⽅法如下
public static String xssEncode(String s) {
if (s == null || s.equals("")) {
return s;
}
try {
java64位s = URLDecoder.decode(s, "UTF-8");
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
//< > ' " \ / # &
s = s.replaceAll("<", "<").replaceAll(">", ">");
s = s.replaceAll("\\(", "(").replaceAll("\\)", ")");
s = s.replaceAll("'", "'");
s = s.replaceAll("eval\\((.*)\\)", "");
s = s.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
s = s.replaceAll("script", "");
s = s.replaceAll("#", "#");
s = s.replaceAll("%", "%");
return s;
}
发表评论