例1:
import java.net.URL;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class UrlValidator {
// Syntactic pre-filter for candidate URLs. Used with Matcher.matches(), it accepts
// "http://" or "https://" (lower case only; no CASE_INSENSITIVE flag is set),
// then a non-empty run of non-'/' characters, then '/' and any further characters
// other than line terminators. A URL with no '/' after the authority is rejected.
// The authority part ([^/]+) is not restricted: userinfo ("user@host"), ports and
// IP literals all pass. A match therefore says nothing about which host the URL
// points to; that decision rests on the host checks made on the parsed URL.
private static final Pattern SAFE_URL_PATTERN = Pattern.compile("^(http|https)://[^/]+/.*$");
public static boolean isSafeUrl(String url) {
if (url == null || url.isEmpty()) {
return false;
}
// 验证 URL 是否符合安全模式
Matcher matcher = SAFE_URL_PATTERN.matcher(url);
if (!matcher.matches()) {
return false;
}
// 验证是否为本地地址或内部地址
try {
URL u = new java.net.URL(url);
String host = u.getHost();
if (isLocalAddress(host) || isInternalAddress(host)) {
return false;
}
} catch (Exception e) {