后端xss漏洞处理

关于什么是xss漏洞 参考:https://blog.csdn.net/cpongo11/article/details/103312716

对页面传入的参数值进行过滤,过滤方法如下

public static  String xssEncode(String s) {
        if (s == null || s.equals("")) {
            return s;
        }
        try {
            s = URLDecoder.decode(s, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
        //< > ' " \ / # &
        s = s.replaceAll("<", "<").replaceAll(">", ">");
        s = s.replaceAll("\\(", "(").replaceAll("\\)", ")");
        s = s.replaceAll("'", "'");
        s = s.replaceAll("eval\\((.*)\\)", "");
        s = s.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
        s = s.replaceAll("script", "");
        s = s.replaceAll("#", "#");
        s = s.replaceAll("%", "%");
        return s;
    }

 

posted @ 2022-01-06 14:30  不是安逸  阅读(161)  评论(0编辑  收藏  举报