[java] XSS 필터링 메소드
혜춘
2020. 7. 16. 15:46
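/**
 * Legacy XSS filter: strips a fixed list of script-related keywords from
 * {@code content} and then HTML-escapes the characters that can open or close
 * markup, so the result can be inserted as text into an HTML element body.
 *
 * <p>The keyword removal (first and second filter) is kept for compatibility
 * with existing callers. It is case-sensitive, runs in a single left-to-right
 * pass (text produced by a removal is not scanned again), and it also deletes
 * ordinary words such as "title", "style", "string" or "link" from user text,
 * so it must not be relied on as the security control. The entity escaping at
 * the end is what actually neutralises markup; callers that place the value in
 * an attribute, URL or JavaScript context still need the encoding appropriate
 * to that context.
 *
 * <p>The escaping table restores the entities the original used
 * ({@code &lt; &gt; &#40; &#41; &#35; &amp; &quot; &#39; &#47;}); the published
 * listing had them decoded to the bare characters, which would have replaced
 * each character with itself.
 *
 * @param content text entered by the user; may be {@code null}
 * @return the filtered text, or {@code null} when {@code content} is
 *         {@code null}; an empty string is returned unchanged
 */
public static String xssFilter(String content) {
    if (content == null || content.isEmpty()) {
        return content;
    }

    /* first filter :: START */
    // Literal keyword list from the original; duplicates are harmless.
    String[] xss = new String[]{
        "onstop", "layer", "javascript", "eval", "onactivae", "onfocusin", "applet", "document", "onclick", "onkeydown", "xml",
        "create", "onbeforecut", "onkeyup", "link", "binding", "ondeactivate", "onload", "script", "msgbox", "ondragend",
        "onbounce", "object", "embed", "ondragleave", "onmovestart", "frame", "applet", "ondragstart", "onmouseout", "ilayer",
        "javascript", "onerror", "onmouseup", "bgsound", "href", "embed", "onabort", "base", "onstart", "onfocus",
        "onmovestart", "onmove", "onrowexit", "onunload", "onsubmit", "innerHTML", "onpaste", "ondblclick", "vbscript",
        "charset", "onresize", "ondrag", "expression", "string", "onselect", "ondragenter", "onchange", "append", "onscroll",
        "ondragover", "meta", "alert", "title", "ondrop", "void", "refresh", "iframe", "oncopy", "oncut", "ilayer", "blink",
        "onfinish", "frameset", "cookie", "style", "onreset", "onselectstart"
    };
    content = stripTokens(content, xss);
    /* first filter :: END */

    /* second filter :: START */
    // Plain substrings, not regular expressions (replaceEach was literal too).
    String[] garbage = new String[]{"onclick=()", "=(.)"};
    content = stripTokens(content, garbage);
    /* second filter :: END */

    /* tag filter :: START */
    // One pass over the characters, so the '&' of an entity emitted here is
    // never escaped a second time (same property replaceEach gave the original).
    StringBuilder escaped = new StringBuilder(content.length() + 16);
    for (int i = 0; i < content.length(); i++) {
        char c = content.charAt(i);
        switch (c) {
            case '<':
                escaped.append("&lt;");
                break;
            case '>':
                escaped.append("&gt;");
                break;
            case '(':
                escaped.append("&#40;");
                break;
            case ')':
                escaped.append("&#41;");
                break;
            case '#':
                escaped.append("&#35;");
                break;
            case '&':
                escaped.append("&amp;");
                break;
            case '"':
                escaped.append("&quot;");
                break;
            case '\'':
                escaped.append("&#39;");
                break;
            case '/':
                escaped.append("&#47;");
                break;
            default:
                escaped.append(c);
        }
    }
    /* tag filter :: END */
    return escaped.toString();
}

/**
 * Removes every occurrence of the given literal tokens from {@code text} in a
 * single left-to-right pass: at each position the leftmost match wins (the
 * first token in array order on a tie), and the text that results from a
 * removal is not scanned again. This mirrors
 * {@code StringUtils.replaceEach(text, tokens, emptyStrings)}, which the
 * original implementation relied on, without the library dependency.
 *
 * @param text   non-null input
 * @param tokens literal substrings to delete; empty tokens are ignored
 * @return {@code text} with the tokens removed
 */
private static String stripTokens(String text, String[] tokens) {
    StringBuilder out = new StringBuilder(text.length());
    int start = 0;
    while (start < text.length()) {
        int matchAt = -1;
        int matchLen = 0;
        for (String token : tokens) {
            if (token == null || token.isEmpty()) {
                continue; // an empty token would match everywhere and never advance
            }
            int idx = text.indexOf(token, start);
            if (idx != -1 && (matchAt == -1 || idx < matchAt)) {
                matchAt = idx;
                matchLen = token.length();
            }
        }
        if (matchAt == -1) {
            break;
        }
        out.append(text, start, matchAt);
        start = matchAt + matchLen; // skip the match; nothing is inserted in its place
    }
    out.append(text, start, text.length());
    return out.toString();
}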