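Handling XSS vulnerabilities on the backend

Author: Internet

For an explanation of what an XSS vulnerability is, see: https://blog.csdn.net/cpongo11/article/details/103312716

Filter the parameter values passed in from the page. The filter method is as follows: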

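import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;

public static String xssEncode(String s) {
    if (s == null || s.equals("")) {
        return s;
    }
    try {
        s = URLDecoder.decode(s, "UTF-8");
    } catch (UnsupportedEncodingException | IllegalArgumentException e) {
        // IllegalArgumentException: malformed escape such as a bare "%"; keep the value as received
        e.printStackTrace();
    }
    // Strip script patterns first: once ( ) ' are encoded below, these expressions can no longer match
    s = s.replaceAll("eval\\((.*)\\)", "");
    s = s.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
    s = s.replaceAll("script", "");
    // Encode # and % before the other characters so the '#' inside the entities added below is not encoded again
    s = s.replaceAll("#", "&#35;");
    s = s.replaceAll("%", "&#37;");
    // < > ' " \ / # &
    s = s.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
    s = s.replaceAll("\\(", "&#40;").replaceAll("\\)", "&#41;");
    s = s.replaceAll("'", "&#39;");
    return s;
}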
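
A single-pass variant of the same filter, added here as an example and not part of the original post: every character the filter targets is written as a numeric HTML entity in one scan, so the result does not depend on the order of replacements and ordinary text containing the word "script" is left intact. The class name XssEncodeDemo, the method name htmlEncode and the sample values are assumptions made for this illustration.

```java
public class XssEncodeDemo {

    // Characters named in the filter's comment, plus ( ) and %, which it also rewrites.
    private static final String SPECIAL = "&<>'\"\\/#()%";

    /** Encodes each special character as a numeric HTML entity in a single pass. */
    public static String htmlEncode(String s) {
        if (s == null || s.isEmpty()) {
            return s;
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (SPECIAL.indexOf(c) >= 0) {
                // The '&', '#' and ';' appended here are never scanned again,
                // so an entity cannot be encoded a second time.
                out.append("&#").append((int) c).append(';');
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample parameter values, not taken from the original post.
        String[] samples = {
            "<b onclick='f(1)'>50% off #1</b>",
            "Tom & Jerry",
            "description of a shell script",
            "&lt;already encoded&gt;"
        };
        for (String in : samples) {
            System.out.println(in + "  ->  " + htmlEncode(in));
        }
    }
}
```

The output is intended for HTML text and quoted attribute values; values placed inside JavaScript or URLs need the encoding for that context.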

Source: https://www.cnblogs.com/banxia-boke/p/15770960.html