import java.util.regex.Pattern;

private String stripXSS(String value) {
    if (value != null) {
        // NOTE: It's highly recommended to use the ESAPI library and uncomment the following line to
        // avoid encoded attacks.
        // value = ESAPI.encoder().canonicalize(value);

        // Avoid null characters
        value = value.replaceAll("\0", "");

        // Avoid anything between script tags
        Pattern scriptPattern = Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE);
        value = scriptPattern.matcher(value).replaceAll("");

        // Avoid anything in a src='...' type of expression
        scriptPattern = Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
        value = scriptPattern.matcher(value).replaceAll("");

        // The listing is cut off at this point: scriptPattern = Pattern. ...
    }
    return value;
}
XSS Attack Filter
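This article explores a simpler and more effective way to prevent XSS (cross-site scripting) attacks: applying a fine-grained filtering strategy to strengthen the site's security.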
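The NOTE in the `stripXSS` listing says to canonicalize input before the patterns run. The following added example (not from the original article or from ESAPI) shows that ordering with the listing's `<script>` rule. `CanonicalizeThenFilter`, `canonicalize` and `stripScript` are hypothetical names, and the percent-decoding loop is an assumed stand-in for ESAPI's `canonicalize`, which covers more encodings.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

public class CanonicalizeThenFilter {
    // Same <script> rule as the stripXSS listing on this page.
    private static final Pattern SCRIPT_BLOCK =
            Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE);

    // Hypothetical stand-in for ESAPI's canonicalize(): handles percent-encoding
    // only, decodes until the value is stable, and rejects multiply encoded input.
    // Note: URLDecoder also turns '+' into a space (form-encoding semantics).
    static String canonicalize(String value) {
        String current = value;
        for (int round = 0; ; round++) {
            String decoded;
            try {
                decoded = URLDecoder.decode(current, StandardCharsets.UTF_8); // Java 10+
            } catch (IllegalArgumentException e) {
                return current; // malformed % sequence: nothing further to decode
            }
            if (decoded.equals(current)) {
                return current;
            }
            if (round >= 1) {
                throw new IllegalArgumentException("input is encoded more than once");
            }
            current = decoded;
        }
    }

    static String stripScript(String value, boolean canonicalizeFirst) {
        if (value == null) {
            return null;
        }
        String v = canonicalizeFirst ? canonicalize(value) : value;
        v = v.replace("\0", ""); // drop null characters
        return SCRIPT_BLOCK.matcher(v).replaceAll("");
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the same markup in plain and percent-encoded form.
        String plain = "hi<script>alert(1)</script>";
        String encoded = "hi%3Cscript%3Ealert(1)%3C%2Fscript%3E";
        // Compare the filter with and without the canonicalization step.
        System.out.println(stripScript(plain, false));
        System.out.println(stripScript(encoded, false));
        System.out.println(stripScript(encoded, true));
    }
}
```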