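/**
 * Builds HTML-escaped copies of view beans so that a template can print their
 * String properties without a {@code <c:out>} tag on every field.
 *
 * <p>Prefer escaping at the point of output. Use this helper only when a page
 * would otherwise need a large number of {@code <c:out>} tags.
 *
 * <p>Notes for callers:
 * <ul>
 *   <li>{@link #escapeHtml(String)} produces markup for <em>HTML element
 *       content</em>: line breaks become literal {@code <br>} tags. The result
 *       must not be placed inside an attribute value, a {@code <script>} block,
 *       a URL or CSS; those contexts need their own encoders.</li>
 *   <li>The output is already escaped. Printing it through a construct that
 *       escapes again ({@code <c:out>}, an auto-escaping template engine)
 *       yields double-escaped text.</li>
 *   <li>Only String properties, and beans reached through fields annotated
 *       with {@code @Model}, are escaped. Strings held in collections, maps or
 *       arrays are copied by reference and left unchanged.</li>
 * </ul>
 */
public class StringEscapeUtils {

    /**
     * Returns a shallow copy of {@code object} whose String properties are
     * HTML-escaped with {@link #escapeHtml(String)}.
     *
     * <p>The copy is created with {@code BeanUtils.instantiate} (the bean class
     * presumably needs an accessible no-arg constructor; that contract lives in
     * the helper, not here). Every property that is both readable and writable
     * through the bean's getters/setters is copied, walking the class hierarchy
     * up to {@code Object} so inherited properties are included:
     * <ul>
     *   <li>properties whose field is declared as {@code String} are escaped
     *       (a field declared as {@code Object} that happens to hold a String
     *       is NOT escaped);</li>
     *   <li>properties whose field carries {@code @Model} are escaped
     *       recursively, i.e. a new escaped bean is built for them;</li>
     *   <li>every other value is copied by reference and shared with the
     *       source, so mutating it affects both objects.</li>
     * </ul>
     * Cyclic object graphs reachable through {@code @Model} fields are not
     * detected and recurse until the stack overflows.
     *
     * @param object the source bean, may be {@code null}
     * @param <T> the bean type; the copy has the same runtime class
     * @return a new escaped instance of the same class, or {@code null} when
     *         {@code object} is {@code null}
     */
    public static <T> T escapeHtmlForBean(T object) {
        if (object == null) {
            return null;
        }
        Class<?> srcClass = object.getClass();
        @SuppressWarnings("unchecked")
        T copy = (T) BeanUtils.instantiate(srcClass);
        BeanWrapper src = PropertyAccessorFactory.forBeanPropertyAccess(object);
        BeanWrapper dst = PropertyAccessorFactory.forBeanPropertyAccess(copy);
        // getDeclaredFields() lists the fields of one class only; walk the
        // superclasses as well, otherwise inherited String properties would be
        // dropped from the copy and never escaped.
        for (Class<?> cls = srcClass; cls != null && cls != Object.class; cls = cls.getSuperclass()) {
            for (Field field : cls.getDeclaredFields()) {
                String name = field.getName();
                // Values move through getters/setters, so skip fields that are
                // not a full bean property (static fields, fields without a
                // setter, ...).
                if (!src.isReadableProperty(name) || !src.isWritableProperty(name)) {
                    continue;
                }
                // A field shadowing one of a superclass is visited twice; the
                // second visit re-reads the source and writes the same value.
                Object value = src.getPropertyValue(name);
                if (value != null) {
                    if (field.getType() == String.class) {
                        value = escapeHtml((String) value);
                    } else if (isNestedModel(field)) {
                        value = escapeHtmlForBean(value);
                    }
                }
                dst.setPropertyValue(name, value);
            }
        }
        return copy;
    }

    /**
     * Tells whether {@code field} is marked as a nested bean that must itself
     * be escaped.
     *
     * <p>NOTE(review): the cast below was present in the original code. It is
     * only needed if {@code Model} is not declared as an annotation type; in
     * that case {@code isAnnotationPresent} always returns {@code false} and
     * nested beans are silently left unescaped. Confirm that {@code Model} is
     * an {@code @interface} and not, for example, a framework's {@code Model}
     * interface.
     *
     * @param field the backing field of a bean property
     * @return {@code true} when the field carries the {@code Model} annotation
     */
    @SuppressWarnings("unchecked")
    private static boolean isNestedModel(Field field) {
        return field.isAnnotationPresent((Class<? extends Annotation>) Model.class);
    }

    /**
     * Escapes a String for insertion into HTML <em>element content</em>.
     *
     * <p>Each character is handled in a single pass, so no replacement can be
     * re-escaped by a later one:
     * <pre>
     *   &amp;  -> &amp;amp;     &lt;  -> &amp;lt;      &gt;  -> &amp;gt;
     *   "  -> &amp;quot;    '  -> &amp;#39;     \  -> &amp;#92;
     *   ' ' (space) -> &amp;nbsp;   (presentational: keeps runs of spaces)
     *   "\r\n", "\r", "\n" -> &lt;br&gt;   (one tag per line break)
     * </pre>
     * The single quote is escaped too so the result stays safe if it is ever
     * used in a single-quoted attribute, although attribute and script
     * contexts still need their own encoders (see the class comment). Because
     * the result contains literal {@code <br>} tags it is markup, not text:
     * do not pass it through a second HTML escaper.
     *
     * @param string text to escape, may be {@code null}
     * @return the escaped markup, or {@code null} when {@code string} is
     *         {@code null}
     */
    public static String escapeHtml(String string) {
        if (string == null) {
            return null;
        }
        int len = string.length();
        StringBuilder out = new StringBuilder(len + 16);
        for (int i = 0; i < len; i++) {
            char c = string.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                case '\\':
                    out.append("&#92;");
                    break;
                case ' ':
                    out.append("&nbsp;");
                    break;
                case '\r':
                    // "\r\n" is one line break; a lone '\r' is one as well.
                    if (i + 1 < len && string.charAt(i + 1) == '\n') {
                        i++;
                    }
                    out.append("<br>");
                    break;
                case '\n':
                    out.append("<br>");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
}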