当要将页面的信息写入数据库并读取出来的时候，要防止 JS 注入。
使用 spring-web 里面的 HtmlUtils 类可以解决这个问题：
HtmlUtils.htmlEscape("string")
该类里面的下面这个方法会将一些可疑字符转换为 HTML 实体引用，再存入到数据库中：
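/**
 * Maps a single character to the HTML character-entity reference that should
 * replace it in escaped output, or returns {@code null} when the character
 * needs no escaping.
 *
 * <p>For any {@code UTF-} encoding only the five characters that carry meaning
 * in HTML markup ({@code < > " & '}) are escaped; every other character is
 * returned as {@code null} (left untouched), because the encoding can represent
 * it directly. For other encodings the lookup falls back to
 * {@code characterToEntityReferenceMap}, which covers code points below 1000
 * and the range 8000–9999.
 *
 * @param character the character to convert
 * @param encoding  the name of the output charset, e.g. {@code "UTF-8"}
 * @return the entity reference, including the leading {@code &} and the
 *         trailing {@code ;}, or {@code null} if the character is not escaped
 */
public String convertToReference(char character, String encoding) {
    if (encoding.startsWith("UTF-")) {
        // The entity references themselves must be returned here. Returning the
        // raw character (e.g. "<" for '<') would leave the markup unescaped and
        // defeat the purpose of the escape.
        switch (character) {
            case '<':
                return "&lt;";
            case '>':
                return "&gt;";
            case '"':
                return "&quot;";
            case '&':
                return "&amp;";
            case '\'':
                return "&#39;";
        }
    }
    else if (character < 1000 || (character >= 8000 && character < 10000)) {
        // Characters 8000-9999 are stored directly after the first 1000
        // entries of the map, hence the offset of 7000.
        int index = (character < 1000 ? character : character - 7000);
        String entityReference = this.characterToEntityReferenceMap[index];
        if (entityReference != null) {
            return entityReference;
        }
    }
    return null;
}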
if (encoding.startsWith("UTF-")){
switch (character){
case '<':
return "<";
case '>':
return ">";
case '"':
return """;
case '&':
return "&";
case '\'':
return "'";
}
}
else if (character < 1000 || (character >= 8000 && character < 10000)) {
int index = (character < 1000 ? character : character - 7000);
String entityReference = this.characterToEntityReferenceMap[index];
if (entityReference != null) {
return entityReference;
}
}
return null;
}