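- Filter sensitive words from user input:
package com.mtlk.demo;

public class zongjie {
    public static void main(String[] args) {
        String parm = "<scrscrscriptiptipt>alert(1)</script>";
        // Removing "script" can splice the surrounding characters into a new
        // "script", so repeat until no occurrence is left.
        do {
            // replace() treats the keyword as a literal, not as a regex
            parm = parm.replace("script", "");
        } while (parm.contains("script")); // contains() also catches a match at index 0
        System.out.println(parm);
    }
}
Output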
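- Filtering (breaking) rules in the Java code
- toLowerCase guards against injection written in uppercase
- Block the script, div and html tags
package com.mtlk.demo;

import java.util.Scanner;

public class zongjie {
    public static void main(String[] args) {
        String[] ars = {"script", "div", "html", "<a>"};
        Scanner scanner = new Scanner(System.in);
        // hasNext() ends the loop at end of input instead of throwing
        while (scanner.hasNext()) {
            String parm = scanner.next();
            // Lower-case first so "SCRIPT" and "ScRiPt" are matched too
            parm = parm.toLowerCase();
            String before;
            // Removing one keyword can splice another one together, so repeat
            // the whole pass until the string stops changing
            do {
                before = parm;
                for (String p : ars) {
                    parm = parm.replace(p, "");
                }
            } while (!parm.equals(before));
            System.out.println(parm);
        }
    }
}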
- Two ways to validate the file type
package com.mtlk.demo;

public class zongjie {
    public static void main(String[] args) {
        String fileName = "image.jsp";
        // Method 1: compare the extension after the last dot
        // int start = fileName.lastIndexOf(".");
        // String type = fileName.substring(start + 1); // skip the dot itself
        //
        // if (type.equalsIgnoreCase("jpg")) {
        //     System.out.println("图片文件");
        // } else {
        //     System.out.println("其他文件");
        // }

        // Method 2: regular expression
        // The dot is escaped so it only matches a literal "."; the listed
        // extensions are executable/script types, so a match is not an image.
        String string = "[a-zA-Z0-9]+\\.(exe|dll|jsp|asp)";
        if (fileName.matches(string)) {
            System.out.println("其他文件"); // "other file"
        } else {
            System.out.println("图片文件"); // "image file"
        }
    }
}
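Both checks above look only at the file name. The following added example (not from the original page) shows an allowlist check that also compares the upload's leading bytes with the signature expected for the extension; the class `UploadTypeCheck`, the method `isAllowedImage` and the sample inputs are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;

// Added example (Java 9+ for Map.of); all names here are hypothetical.
public class UploadTypeCheck {
    // Allowlist: extension -> signature a real file of that type starts with.
    private static final Map<String, byte[]> ALLOWED = Map.of(
        "jpg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "png", new byte[] {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A},
        "gif", "GIF8".getBytes(StandardCharsets.US_ASCII));

    static boolean isAllowedImage(String fileName, byte[] head) {
        if (fileName == null || head == null) return false;
        // Reject path separators and control characters (NUL included).
        if (fileName.chars().anyMatch(
                c -> c == '/' || c == '\\' || Character.isISOControl(c))) return false;
        int dot = fileName.lastIndexOf('.');
        if (dot <= 0 || dot == fileName.length() - 1) return false;
        // Only the final extension counts: "image.jpg.jsp" is judged as "jsp".
        String ext = fileName.substring(dot + 1).toLowerCase(Locale.ROOT);
        byte[] magic = ALLOWED.get(ext);
        if (magic == null || head.length < magic.length) return false;
        // The content must begin with the signature that belongs to that extension.
        return Arrays.equals(Arrays.copyOf(head, magic.length), magic);
    }

    public static void main(String[] args) {
        // Constructed samples: a file name plus the first bytes of the upload.
        byte[] jpeg = {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF, (byte) 0xE0, 0x00, 0x10};
        byte[] text = "not an image".getBytes(StandardCharsets.US_ASCII);
        String[] names = {"photo.JPG", "image.jsp", "image.jpg.jsp", "../photo.jpg"};
        for (String name : names) {
            System.out.println(name + " + JPEG bytes -> " + isAllowedImage(name, jpeg));
        }
        System.out.println("photo.jpg + text bytes -> " + isAllowedImage("photo.jpg", text));
    }
}
```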
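- Check whether a URL starts with https:
package com.mtlk.demo;

public class zongjie {
    public static void main(String[] args) {
        String url = "https://www.baidu.com";
        // Compare against the full scheme prefix "https://", ignoring case,
        // so that a string such as "httpsx://..." is not accepted
        String prefix = "https://";
        if (url.regionMatches(true, 0, prefix, 0, prefix.length())) {
            System.out.println("是https开头的url"); // "URL starts with https"
        } else {
            System.out.println("不是https开头的url"); // "URL does not start with https"
        }
    }
}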
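- XOR encryption
- Convert the plaintext and the key from String to char, then to int
- XOR the int plaintext with the int key to get the int ciphertext
- Convert the int ciphertext to char and then to String for output
package com.mtlk.demo;

public class zongjie {
    public static void main(String[] strs) {
        String meString = "赵兄托你帮我办点事";
        String key = "mtlk12345";
        char[] cs = meString.toCharArray();
        char[] keys = key.toCharArray();
        char[] ms = new char[cs.length];
        for (int i = 0; i < cs.length; i++) {
            // Wrap around the key so a plaintext longer than the key
            // does not run past the end of the key array
            int j = (int) cs[i] ^ (int) keys[i % keys.length];
            ms[i] = (char) j;
        }
        // XOR is its own inverse: applying the same key again restores the plaintext
        System.out.println(new String(ms));
    }
}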