簡單效驗
1.javax.validation包下 的
轉載自
2.apache工具包common-lang中的工具類,其中之一就是StringEscapeUtil
複雜效驗MatchTest工具類
package com.hwqh.huawenstockuser.utils.string;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.regex.Pattern;
public class MatchTest {
public static void main(String[] args) {
String s = "1234567890-=!@#$%^^&*()_~!@#$%^^&*()_QWERTYUIOP{}{|":LKGFSAZXCVBNM<>?"}"?>?>?>?>?>?>?<><<><><>?>?>?>>>>>>>>>>>>>>>>>>>>>L:::::::::::::::::::::::::::::::::::::::::::::::::::::::::""::';\n" +
"\n" +
"';';[qw87287636425326473247256~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~";
System.out.println(containsAll(s));
}
public static boolean containsAll(String str) {
if (str.contains("*")) {
return true;
}
if (str.contains("'")) {
return true;
}
if (str.contains("~")) {
return true;
}
if (str.contains(">")) {
return true;
}
if (str.contains("*")) {
return true;
}
if (str.contains("<")) {
return true;
}
if (str.contains("&")) {
return true;
}
if (str.contains("%")) {
return true;
}
if (str.contains("$")) {
return true;
}
if (str.contains("@")) {
return true;
}
if (str.contains("=")) {
return true;
}
if (str.contains("or")) {
return true;
}
return false;
}
public static String replaceXSS(String value) {
if (value != null) {
try {
value = value.replace("+", "%2B");
value = URLDecoder.decode(value, "utf-8");
} catch (UnsupportedEncodingException e) {
} catch (IllegalArgumentException e) {
}
value = value.replaceAll("\0", "");
Pattern scriptPattern = Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE);
value = scriptPattern.matcher(value).replaceAll("");
scriptPattern = Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
value = scriptPattern.matcher(value).replaceAll("");
scriptPattern = Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
value = scriptPattern.matcher(value).replaceAll("");
scriptPattern = Pattern.compile("</script>", Pattern.CASE_INSENSITIVE);
value = scriptPattern.matcher(value).replaceAll("");
scriptPattern = Pattern.compile("<script(.*?)>", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
value = scriptPattern.matcher(value).replaceAll("");
scriptPattern = Pattern.compile("eval\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
value = scriptPattern.matcher(value).replaceAll("");
scriptPattern = Pattern.compile("expression\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
value = scriptPattern.matcher(value).replaceAll("");
scriptPattern = Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE);
value = scriptPattern.matcher(value).replaceAll("");
scriptPattern = Pattern.compile("alert", Pattern.CASE_INSENSITIVE);
value = scriptPattern.matcher(value).replaceAll("");
scriptPattern = Pattern.compile("onload(.*?)=", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
value = scriptPattern.matcher(value).replaceAll("");
scriptPattern = Pattern.compile("vbscript[\r\n| | ]*:[\r\n| | ]*", Pattern.CASE_INSENSITIVE);
value = scriptPattern.matcher(value).replaceAll("");
}
return value;
}
public static String filter(String value) {
if (value == null) {
return null;
}
StringBuffer result = new StringBuffer(value.length());
for (int i = 0; i < value.length(); ++i) {
switch (value.charAt(i)) {
case '<':
result.append("<");
break;
case '>':
result.append(">");
break;
case '"':
result.append("\"");
break;
case '\'':
result.append("'");
break;
case '%':
result.append("%");
break;
case ';':
result.append(";");
break;
case '(':
result.append("(");
break;
case ')':
result.append(")");
break;
case '&':
result.append("&");
break;
case '+':
result.append("+");
break;
default:
result.append(value.charAt(i));
break;
}
}
return result.toString();
}
}