HTML:
Two helper classes are commonly used: Spring's `HtmlUtils` and Apache Commons Lang's `StringEscapeUtils`. Both are for the HTML text/attribute context only; note in the example below that the Commons Lang version leaves the single quote unescaped.
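/**
 * Demonstrates HTML escaping and unescaping with Spring's HtmlUtils and
 * Apache Commons Lang's StringEscapeUtils.
 *
 * The sample input contains a single-quoted attribute and an opening
 * &lt;script&gt; tag, i.e. the characters an attacker would use to inject
 * markup. Each println is preceded by a comment showing the expected output.
 *
 * Security notes:
 *  - Escaping is context-specific. These helpers cover HTML text content
 *    (and, for Spring, quoted attribute values); they do NOT make a value
 *    safe inside a script block, a URL, or a CSS context.
 *  - Spring's htmlEscape turns the single quote into &#39;, so the result
 *    can be placed inside single-quoted attributes. Commons Lang 2.x
 *    escapeHtml leaves the single quote untouched (see its expected output
 *    below), so it must not be relied on for single-quoted attribute values.
 *  - The unescape calls only show the round trip; unescaping untrusted
 *    input before rendering it reintroduces the injection.
 */
public static void testHtml() {
    String str = "<a href='http://www.qq.com'>QQ</a><script>";

    /*
     * Escaping with Spring's HtmlUtils (named entities, decimal and hex forms).
     */
    // &lt;a href=&#39;http://www.qq.com&#39;&gt;QQ&lt;/a&gt;&lt;script&gt;
    System.out.println(org.springframework.web.util.HtmlUtils.htmlEscape(str));
    // &#60;a href=&#39;http://www.qq.com&#39;&#62;QQ&#60;/a&#62;&#60;script&#62;
    System.out.println(org.springframework.web.util.HtmlUtils.htmlEscapeDecimal(str));
    // &#x3c;a href=&#x27;http://www.qq.com&#x27;&#x3e;QQ&#x3c;/a&#x3e;&#x3c;script&#x3e;
    System.out.println(org.springframework.web.util.HtmlUtils.htmlEscapeHex(str));

    /*
     * Unescaping (restoring) with Spring's HtmlUtils. All three encodings
     * decode back to the original markup.
     */
    // <a href='http://www.qq.com'>QQ</a><script>
    System.out.println(org.springframework.web.util.HtmlUtils.htmlUnescape(
            "&lt;a href=&#39;http://www.qq.com&#39;&gt;QQ&lt;/a&gt;&lt;script&gt;"));
    // <a href='http://www.qq.com'>QQ</a><script>
    System.out.println(org.springframework.web.util.HtmlUtils.htmlUnescape(
            "&#60;a href=&#39;http://www.qq.com&#39;&#62;QQ&#60;/a&#62;&#60;script&#62;"));
    // <a href='http://www.qq.com'>QQ</a><script>
    System.out.println(org.springframework.web.util.HtmlUtils.htmlUnescape(
            "&#x3c;a href=&#x27;http://www.qq.com&#x27;&#x3e;QQ&#x3c;/a&#x3e;&#x3c;script&#x3e;"));

    /*
     * Escaping with Apache Commons Lang's StringEscapeUtils.
     * NOTE: the single quote is NOT escaped by this method.
     */
    // &lt;a href='http://www.qq.com'&gt;QQ&lt;/a&gt;&lt;script&gt;
    System.out.println(org.apache.commons.lang.StringEscapeUtils.escapeHtml(str));

    /*
     * Unescaping (restoring) with Apache Commons Lang's StringEscapeUtils.
     */
    // <a href='http://www.qq.com'>QQ</a><script>
    System.out.println(org.apache.commons.lang.StringEscapeUtils.unescapeHtml(
            "&lt;a href='http://www.qq.com'&gt;QQ&lt;/a&gt;&lt;script&gt;"));
}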
JavaScript:
Two helper classes are commonly used: Spring's `JavaScriptUtils` and Apache Commons Lang's `StringEscapeUtils`. Both escape a value for use inside a JavaScript string literal; they do not make arbitrary input safe to emit as script or as HTML.
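/**
 * Demonstrates JavaScript escaping with Spring's JavaScriptUtils and
 * Apache Commons Lang's StringEscapeUtils.
 *
 * Both helpers are meant for a value placed inside a JavaScript string
 * literal (e.g. var s = '...';). Neither makes raw user input safe to
 * emit as executable script or as HTML markup.
 *
 * Security notes:
 *  - Spring's javaScriptEscape encodes '<' and '>' as \u003c / \u003e and
 *    escapes '/' as \/, so an embedded closing script tag cannot terminate
 *    the enclosing script block. It provides no unescape method.
 *  - Commons Lang's escapeJavaScript escapes quotes and '/' but leaves
 *    '<' and '>' as-is (see its expected output below). The escaped '/'
 *    still neutralises a closing script tag, but the result is only safe
 *    inside a quoted JS string literal, never directly in HTML.
 */
public static void testJavascript() {
    String js = "<script type='text/javascript'>var a=10;alert(a);</script>";

    /*
     * Escaping with Spring's JavaScriptUtils; no restore method is provided.
     */
    // \u003cscript type=\'text\/javascript\'\u003evar a=10;alert(a);\u003c\/script\u003e
    System.out.println(org.springframework.web.util.JavaScriptUtils.javaScriptEscape(js));

    /*
     * Escaping with Apache Commons Lang's StringEscapeUtils.
     */
    // <script type=\'text\/javascript\'>var a=10;alert(a);<\/script>
    System.out.println(org.apache.commons.lang.StringEscapeUtils.escapeJavaScript(js));

    /*
     * Unescaping (restoring) with Apache Commons Lang's StringEscapeUtils:
     * escape followed by unescape yields the original string.
     */
    // <script type='text/javascript'>var a=10;alert(a);</script>
    System.out.println(org.apache.commons.lang.StringEscapeUtils.unescapeJavaScript(
            org.apache.commons.lang.StringEscapeUtils.escapeJavaScript(js)));
}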
SQL:
Apache Commons Lang's `StringEscapeUtils.escapeSql` is the helper usually shown here. Be aware that it only doubles single quotes: it is not a substitute for parameterized queries (`PreparedStatement` with `?` placeholders), and it was removed from commons-lang3.
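/*
 * SQL escaping with Apache Commons Lang's StringEscapeUtils.escapeSql.
 *
 * escapeSql only doubles single quotes ("'" -> "''"), so the injected quote
 * in the user-controlled value can no longer close the string literal and
 * the whole value is compared as a single username:
 *   username='admin '' or '' 1=1'
 *
 * SECURITY: this is NOT a general SQL-injection defence. It does nothing for
 * backslash escapes (e.g. MySQL), numeric or identifier positions, LIKE
 * wildcards, or values that are not wrapped in single quotes, and the method
 * was dropped from commons-lang3. Bind parameters instead:
 *   PreparedStatement ps = conn.prepareStatement(
 *       "SELECT * from table where username=? and password=?");
 *   ps.setString(1, username);
 *   ps.setString(2, password);
 * The string concatenation below is kept only to show what escapeSql does.
 */
String sql = "SELECT * from table where username='"
        + org.apache.commons.lang.StringEscapeUtils.escapeSql("admin ' or ' 1=1")
        + "' and password='admin'";
// SELECT * from table where username='admin '' or '' 1=1' and password='admin'
System.out.println(sql);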
Summary: the Java back end escapes special characters in front-end (user-supplied) input. Choose the escaper for the exact output context (HTML body, HTML attribute, JavaScript string literal); for SQL, use bound parameters rather than string escaping.