在Ｋisso里，找出的防SQL注入 － 过滤 XSS SQL 注入

/** * @Description XSS脚本内容剥离 * @param value *              待处理内容 * @return */public String strip( String value ) {   String rlt = null;   if ( value != null ) {      // NOTE: It's highly recommended to use the ESAPI library and uncomment the following line to      // avoid encoded attacks.      // value = ESAPI.encoder().canonicalize(value);      // Avoid null characters      rlt = value.replaceAll("", "");      // Avoid anything between script tags      Pattern scriptPattern = Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE);      rlt = scriptPattern.matcher(rlt).replaceAll("");      // Avoid anything in a src='...' type of expression      scriptPattern = Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", Pattern.CASE_INSENSITIVE            | Pattern.MULTILINE | Pattern.DOTALL);      rlt = scriptPattern.matcher(rlt).replaceAll("");      scriptPattern = Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", Pattern.CASE_INSENSITIVE            | Pattern.MULTILINE | Pattern.DOTALL);      rlt = scriptPattern.matcher(rlt).replaceAll("");      // Remove any lonesome </script> tag      scriptPattern = Pattern.compile("</script>", Pattern.CASE_INSENSITIVE);      rlt = scriptPattern.matcher(rlt).replaceAll("");      // Remove any lonesome <script ...> tag      scriptPattern = Pattern.compile("<script(.*?)>", Pattern.CASE_INSENSITIVE            | Pattern.MULTILINE | Pattern.DOTALL);      rlt = scriptPattern.matcher(rlt).replaceAll("");      // Avoid eval(...) expressions      scriptPattern = Pattern.compile("eval\\((.*?)\\)", Pattern.CASE_INSENSITIVE            | Pattern.MULTILINE | Pattern.DOTALL);      rlt = scriptPattern.matcher(rlt).replaceAll("");      // Avoid expression(...) expressions      scriptPattern = Pattern.compile("expression\\((.*?)\\)", Pattern.CASE_INSENSITIVE            | Pattern.MULTILINE | Pattern.DOTALL);      rlt = scriptPattern.matcher(rlt).replaceAll("");      // Avoid javascript:... expressions      scriptPattern = Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE);      rlt = scriptPattern.matcher(rlt).replaceAll("");      // Avoid vbscript:... expressions      scriptPattern = Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE);      rlt = scriptPattern.matcher(rlt).replaceAll("");      // Avoid onload= expressions      scriptPattern = Pattern.compile("onload(.*?)=", Pattern.CASE_INSENSITIVE            | Pattern.MULTILINE | Pattern.DOTALL);      rlt = scriptPattern.matcher(rlt).replaceAll("");   }   return rlt;}