• Home
• xyz.erupt
• erupt-core
• 1.11.2
• source code
• SecurityUtil.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

xyz.erupt.core.util.SecurityUtil Maven / Gradle / Ivy

package xyz.erupt.core.util;

import org.apache.commons.lang3.StringUtils;
import xyz.erupt.core.exception.EruptWebApiRuntimeException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

/**
 * @author YuePeng
 * date 2019-10-30.
 */
public class SecurityUtil {

    // xss跨站脚本检测
    public static boolean xssInspect(String value) {
        if (StringUtils.isNotBlank(value)) {
            // 避免script 标签
            Pattern scriptPattern = Pattern.compile("", Pattern.CASE_INSENSITIVE);
            if (scriptPattern.matcher(value).matches()) {
                return true;
            }
            // 避免src形式的表达式
            scriptPattern = Pattern.compile("src[\r\n]*=[\r\n]*\\'(.*?)\\'", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
            if (scriptPattern.matcher(value).matches()) {
                return true;
            }
            if (scriptPattern.matcher(value).matches()) {
                return true;
            }
            scriptPattern = Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
            if (scriptPattern.matcher(value).matches()) {
                return true;
            }
            // 删除单个的  标签
            scriptPattern = Pattern.compile("", Pattern.CASE_INSENSITIVE);
            if (scriptPattern.matcher(value).matches()) {
                return true;
            }
            // 删除单个的