Anti-SQL-injection code found in Kisso - XSS / SQL injection filtering
Source: Internet  Published by: 紫金银交易软件  Editor: 程序博客网  Time: 2024/05/17 09:16
```java
import java.util.regex.Pattern;

/**
 * @Description Strip XSS script content
 * @param value the content to process
 * @return the content with the matched script fragments removed
 */
public String strip(String value) {
    String rlt = null;
    if (value != null) {
        // NOTE: It's highly recommended to use the ESAPI library and uncomment the following line to
        // avoid encoded attacks.
        // value = ESAPI.encoder().canonicalize(value);

        // Avoid null characters ("\0" is the NUL character)
        rlt = value.replaceAll("\0", "");

        // Avoid anything between script tags
        Pattern scriptPattern = Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE);
        rlt = scriptPattern.matcher(rlt).replaceAll("");

        // Avoid anything in a src='...' type of expression
        scriptPattern = Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'",
                Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
        rlt = scriptPattern.matcher(rlt).replaceAll("");
        scriptPattern = Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"",
                Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
        rlt = scriptPattern.matcher(rlt).replaceAll("");

        // Remove any lonesome </script> tag
        scriptPattern = Pattern.compile("</script>", Pattern.CASE_INSENSITIVE);
        rlt = scriptPattern.matcher(rlt).replaceAll("");

        // Remove any lonesome <script ...> tag
        scriptPattern = Pattern.compile("<script(.*?)>",
                Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
        rlt = scriptPattern.matcher(rlt).replaceAll("");

        // Avoid eval(...) expressions
        scriptPattern = Pattern.compile("eval\\((.*?)\\)",
                Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
        rlt = scriptPattern.matcher(rlt).replaceAll("");

        // Avoid expression(...) expressions
        scriptPattern = Pattern.compile("expression\\((.*?)\\)",
                Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
        rlt = scriptPattern.matcher(rlt).replaceAll("");

        // Avoid javascript:... expressions
        scriptPattern = Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE);
        rlt = scriptPattern.matcher(rlt).replaceAll("");

        // Avoid vbscript:... expressions
        scriptPattern = Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE);
        rlt = scriptPattern.matcher(rlt).replaceAll("");

        // Avoid onload= expressions
        scriptPattern = Pattern.compile("onload(.*?)=",
                Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
        rlt = scriptPattern.matcher(rlt).replaceAll("");
    }
    return rlt;
}
```
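As an added example (written for this page, not taken from the original post and not Kisso's own code), the Java class below restates the same rules as a pattern table, adds a hypothetical escapeHtml() helper that applies HTML output encoding, and runs both over constructed sample strings. The point it makes visible: strip() is a denylist, so it removes exactly the listed fragments and passes every other tag and attribute through unchanged, while output encoding turns every markup-significant character into an entity regardless of which element carries it. The class name XssFilterDemo, the escapeHtml() name and the sample strings are assumptions for the demo.

```java
import java.util.regex.Pattern;

public class XssFilterDemo {

    // The rules from the strip() function above, as a table (same regexes, same flags).
    private static final Pattern[] DENYLIST = {
        Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("src[\r\n]*=[\r\n]*'(.*?)'", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        Pattern.compile("src[\r\n]*=[\r\n]*\"(.*?)\"", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        Pattern.compile("</script>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("<script(.*?)>", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        Pattern.compile("eval\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        Pattern.compile("expression\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("onload(.*?)=", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
    };

    /** Denylist stripping: removes only the fragments matched above, leaves everything else as-is. */
    public static String strip(String value) {
        if (value == null) {
            return null;
        }
        String rlt = value.replace("\0", "");   // drop NUL characters, as the original does
        for (Pattern p : DENYLIST) {
            rlt = p.matcher(rlt).replaceAll("");
        }
        return rlt;
    }

    /**
     * Output encoding for an HTML text or quoted-attribute context (hypothetical helper):
     * every markup-significant character becomes an entity, so the browser can never
     * interpret the value as a tag, attribute or URL scheme, whatever it contains.
     */
    public static String escapeHtml(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs for the demo (not taken from the original page).
        String[] samples = {
            "Hello <script>alert(1)</script> world",   // matched by the denylist: script block removed
            "<a href=\"javascript:go()\">link</a>",    // only the "javascript:" token is removed
            "<b onclick=\"go()\">bold</b>",            // no rule matches: passes through strip() unchanged
            "O'Reilly & Sons <3",                      // harmless text: strip() keeps it, escapeHtml() encodes it
        };
        for (String s : samples) {
            System.out.println("input : " + s);
            System.out.println("strip : " + strip(s));
            System.out.println("escape: " + escapeHtml(s));
            System.out.println();
        }
    }
}
```

Compile with `javac XssFilterDemo.java` and run with `java XssFilterDemo`. The third sample is the one to look at: no rule in the table matches it, so strip() returns it verbatim, while escapeHtml() renders it as inert text. In practice the stripper is at best a secondary control; the primary control for XSS is encoding at the point of output, in the encoding appropriate to the context (HTML body, attribute, JavaScript string, URL). Note too that, despite the post's title, neither function has any bearing on SQL injection: that is prevented with parameterized queries (PreparedStatement in Java), not by filtering HTML.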