[java] XSS 필터링 메소드

/**
 * xss 공격을 필터링 합니다.
 * @param content 사용자가 입력한 내용
 * @return content 필터링 이후 내용
 */
public static String xssFilter (String content){
    /* first filter :: START */
    String[] xss = new String[]{
                "onstop","layer","javascript","eval","onactivae","onfocusin","applet","document","onclick","onkeydown","xml",
                "create","onbeforecut","onkeyup","link","binding","ondeactivate","onload","script","msgbox","ondragend",
                "onbounce","object","embed","ondragleave","onmovestart","frame","applet","ondragstart","onmouseout","ilayer",
                "javascript","onerror","onmouseup","bgsound","href","embed","onabort","base","onstart","onfocus",
                "onmovestart","onmove","onrowexit","onunload","onsubmit","innerHTML","onpaste","ondblclick","vbscript",
                "charset","onresize","ondrag","expression","string","onselect","ondragenter","onchange","append","onscroll",
                "ondragover","meta","alert","title","ondrop","void","refresh","iframe","oncopy","oncut","ilayer","blink",
                "onfinish","frameset","cookie","style","onreset","onselectstart"
            };
    String[] xssQuot = new String[xss.length];
    for (int i = 0; i < xss.length; i++) {
        xssQuot[i] = "";
    }
    content=StringUtils.replaceEach(content, xss, xssQuot);
    /* first filter :: END */
    
    /* second filter :: START */
    String[] garbage = new String[]{"onclick=()","=(.)"};
    String[] garbageQuot = new String[garbage.length];
    for (int i = 0; i < garbage.length; i++) {
        garbageQuot[i] = "";
    }
    content=StringUtils.replaceEach(content,garbage,garbageQuot);
    /* second filter :: END */
 
    /* tag filter :: START */
    content=StringUtils.replaceEach(content, 
                new String[]{"<",">","(",")","#","&","\"","'","/"}, 
                new String[]{"&lt;","&gt;","&#40;","&#41;","&#35;","&#38;","&quot;","&#x27;","&#x2F;"}
            );
    /* tag filter :: END */
    return content;
}