HTML过滤器改为将html转义
This commit is contained in:
parent
fe030cc022
commit
22225a5119
|
@ -144,7 +144,10 @@ public class EscapeUtil
|
||||||
|
|
||||||
public static void main(String[] args)
|
public static void main(String[] args)
|
||||||
{
|
{
|
||||||
String html = "alert('11111');";
|
String html = "<script>alert(1);</script>";
|
||||||
|
// String html = "<scr<script>ipt>alert(\"XSS\")</scr<script>ipt>";
|
||||||
|
// String html = "<123";
|
||||||
|
// String html = "123>";
|
||||||
System.out.println(EscapeUtil.clean(html));
|
System.out.println(EscapeUtil.clean(html));
|
||||||
System.out.println(EscapeUtil.escape(html));
|
System.out.println(EscapeUtil.escape(html));
|
||||||
System.out.println(EscapeUtil.unescape(html));
|
System.out.println(EscapeUtil.unescape(html));
|
||||||
|
|
|
@ -131,7 +131,7 @@ public final class HTMLFilter
|
||||||
vAllowedEntities = new String[] { "amp", "gt", "lt", "quot" };
|
vAllowedEntities = new String[] { "amp", "gt", "lt", "quot" };
|
||||||
stripComment = true;
|
stripComment = true;
|
||||||
encodeQuotes = true;
|
encodeQuotes = true;
|
||||||
alwaysMakeTags = true;
|
alwaysMakeTags = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -208,7 +208,7 @@ public final class HTMLFilter
|
||||||
|
|
||||||
s = processRemoveBlanks(s);
|
s = processRemoveBlanks(s);
|
||||||
|
|
||||||
s = validateEntities(s);
|
// s = validateEntities(s);
|
||||||
|
|
||||||
return s;
|
return s;
|
||||||
}
|
}
|
||||||
|
@ -245,6 +245,7 @@ public final class HTMLFilter
|
||||||
// try and form html
|
// try and form html
|
||||||
//
|
//
|
||||||
s = regexReplace(P_END_ARROW, "", s);
|
s = regexReplace(P_END_ARROW, "", s);
|
||||||
|
// 不追加结束标签
|
||||||
s = regexReplace(P_BODY_TO_END, "<$1>", s);
|
s = regexReplace(P_BODY_TO_END, "<$1>", s);
|
||||||
s = regexReplace(P_XML_CONTENT, "$1<$2", s);
|
s = regexReplace(P_XML_CONTENT, "$1<$2", s);
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue