<!--OWASP ESAPI,防御 XSS跨站攻击-->
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.5.3.1</version>
</dependency>
2、引入esapi的配置文件
Release 2.5.2.0 · ESAPI/esapi-java-legacy · GitHub
3、测试
public static void main(String[] args) {
String s = ESAPI.encoder().encodeForHTML("<a href='sdfs'></a> < script > alert(); </ script >");
System.out.println("对html进行转码:"+s);
s = ESAPI.encoder().encodeForSQL(new MySQLCodec(MySQLCodec.Mode.STANDARD),"select * from nihao");
System.out.println("对MySQL的SQL转码:"+s);
s = ESAPI.encoder().decodeForHTML(s);