package com.yuweix.kuafu.web;
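/**
 * XSS filter: neutralises the markup characters and script keywords that this
 * class treats as cross-site-scripting hazards.
 *
 * <p>This is a deny-list sanitiser and should be treated as defence in depth only.
 * It does not escape {@code "} or {@code &}, so its output is not safe to place
 * inside an HTML attribute, a JavaScript block or a URL. Encode for the actual
 * output context at render time as the primary control.
 *
 * <p>NOTE(review): in the listing this class was taken from, every replacement
 * string was identical to the character it matched, so the escaping steps were
 * no-ops and the {@code %3C}/{@code %3E}/{@code %28}/{@code %29} steps turned inert
 * percent-encoded text into live characters. Presumably the HTML entities were
 * decoded when the page was rendered. They are restored below; confirm against the
 * upstream source.
 *
 * @author yuwei
 */
public abstract class XssUtil {
    /**
     * Returns {@code val} with script keywords removed and markup characters
     * replaced by HTML entities.
     *
     * <p>Removal is lossy: every occurrence of the letters "script" is deleted,
     * including inside harmless words, and {@code eval(...)} is deleted up to the
     * last closing parenthesis on the same line.
     *
     * @param val untrusted text, for example a request parameter; may be {@code null}
     * @return the filtered text, or {@code null} when {@code val} is {@code null}
     */
    public static String filter(String val) {
        // Absent request parameters are common; pass them through instead of throwing.
        if (val == null) {
            return null;
        }

        String out = val;

        // Keyword removal runs while quotes and parentheses are still literal, because
        // these patterns match on those characters. It repeats until nothing more is
        // removed, so that deleting one keyword cannot splice a new one together from
        // the characters around it. Every pass that changes the text shortens it, so
        // the loop terminates.
        String previous;
        do {
            previous = out;
            out = out.replaceAll("(?i)eval\\((.*)\\)", "");
            out = out.replaceAll("(?i)[\"'][\\s]*javascript:(.*)[\"']", "\"\"");
            out = out.replaceAll("(?i)script", "");
        } while (!out.equals(previous));

        // Percent-encoded forms are mapped straight to the entity, never to the live
        // character. (?i) covers lower-case hex digits such as %3c.
        out = out.replaceAll("(?i)%3C", "&lt;").replaceAll("(?i)%3E", "&gt;");
        out = out.replaceAll("%28", "&#40;").replaceAll("%29", "&#41;");

        // Literal (non-regex) replacement of the markup characters themselves.
        out = out.replace("<", "&lt;").replace(">", "&gt;");
        out = out.replace("(", "&#40;").replace(")", "&#41;");
        out = out.replace("'", "&#39;");

        return out;
    }
}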