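/**
 * Neutralises HTML-significant characters in an untrusted value before it is echoed into a page.
 *
 * <p>The previous body replaced {@code <}, {@code >}, {@code (}, {@code )} and {@code '} with
 * themselves, so no character was actually encoded. The replacements now emit character
 * references, and {@code "} is encoded as well so the value cannot close a double-quoted
 * attribute.
 *
 * <p>Two pattern removals ({@code eval(...)} and quoted {@code javascript:} values) still run
 * first on the raw text. They are best-effort only: {@code .} does not match line breaks and
 * the match is case-sensitive. The entity encoding is the control to rely on.
 *
 * <p>Limits a caller must cover:
 * <ul>
 *   <li>{@code &} is left untouched, so applying the filter twice does not double-encode.</li>
 *   <li>The result is meant for HTML text and quoted attribute values only. It is not an
 *       encoder for script, style or unquoted-attribute contexts.</li>
 *   <li>The URL scheme is not validated. Character references are decoded again inside
 *       attribute values, so a value used as {@code href}/{@code src} still needs an
 *       allow-list of schemes (for example http/https) at the call site.</li>
 * </ul>
 *
 * @param url untrusted text, may be {@code null}
 * @return the encoded text, or {@code null} when {@code url} is {@code null}
 */
public String filter(String url) {
    if (url == null) {
        // Absent request values are common; pass them through instead of throwing.
        return null;
    }

    // Pattern removals operate on the raw characters they were written against.
    String stripped = url
            .replaceAll("eval\\((.*)\\)", "")
            .replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");

    // Literal replace (no regex) keeps the encoding step free of pattern-escaping mistakes.
    return stripped
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;")
            .replace("'", "&#39;")
            .replace("(", "&#40;")
            .replace(")", "&#41;");
}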
防止Cross-site scripting (XSS)