Use of the common commons-lang tool class StringEscapeUtils

In apache commons-lang (version 2.3 and later), we provide a tool class to facilitate escape, mainly to prevent SQL injection and xss injection attacks.

Common commons-lang tool class StringEscapeUtils-wjoygz-pauls private zone

1. escapeSql provides the SQL transfer function to prevent SQL injection attacks, such as typical universal password attacks ''or 1 = 1''

1 StringBuffer SQL = new StringBuffer ("select key_sn, remark, create_date from tb_selogon_key where 1 = 1 ");

2if (! CommUtil. isEmpty (keyWord )){

3sql. append ("and like '%" + StringEscapeUtils. escapeSql (keyWord) + "% '");

2. escapeHtml/unescapeHtml escape/reverse html scripts

1System. out. println (StringEscapeUtils. escapeHtml ("<A> dddd </A> "));

2. The output result is:

<A> dddd </a>

1System. out. println (StringEscapeUtils. unescapeHtml ("<a> dddd </a> "));

2 output:

<A> ddd </A>

3. escapeJavascript/unescapeJavascript escape/reverse JavaScript scripts

1System. out. println (StringEscapeUtils. escapeJavaScript ("<SCRIPT> alert ('20140901') </SCRIPT>

2 "));

3 output:

<Script> alert ('20140901') </script>

4. escapeJava/unescapeJava converts the string to unicode encoding.

1System. out. println (StringEscapeUtils. escapeJava ("China "));

2 output:

The escape string using the escapeJava method is/u4E2D/u56FD/u5171/u4EA7/u515A.

Another example:

Import org. apache. commons. lang. StringEscapeUtils;

Public class EscapeString {

Public static void main (String [] args) throws Exception {

String str = "do not cook with firewood during APEC meetings ";

System. out. println ("The string escaped using the escapeJava method is:" + StringEscapeUtils. escapeJava (str ));

System. out. println ("the string after the definition is reversed using the unescapeJava method:" + StringEscapeUtils. unescapeJava (StringEscapeUtils. escapeJava (str )));

          

System. out. println ("The string escaped using the escapeHtml method is:" + StringEscapeUtils. escapeHtml (str ));

System. out. println ("the string after the meaning is reversed using the unescapeHtml method is:" + StringEscapeUtils. unescapeHtml (StringEscapeUtils. escapeHtml (str )));

          

System. out. println ("The string escaped using the escapeXml method is:" + StringEscapeUtils. escapeXml (str ));

System. out. println ("the string after the definition is reversed using the unescapeXml method is:" + StringEscapeUtils. unescapeXml (StringEscapeUtils. escapeXml (str )));

          

System. out. println ("The string escaped using the escapeJavaScript method is:" + StringEscapeUtils. escapeJavaScript (str ));

System. out. println ("the string after the meaning is reversed using the unescapeJavaScript method is:" + StringEscapeUtils. unescapeJavaScript (StringEscapeUtils. escapeJavaScript (str )));

/** The output result is as follows:

The escape string using the escapeJava method is/u4E2D/u56FD/u5171/u4EA7/u515A.

The string following the reversal of righteousness using the unescapeJava method is: when APEC is held, it is not allowed to cook with firewood.

The character string escaped using the escapeHtml method is: do not cook with firewood during APEC.

The string following the reversal of righteousness using the unescapeHtml method is: when APEC is held, it is not allowed to cook with firewood.

The character string escaped using the escapeXml method is: do not cook with firewood during APEC.

The string following the reversal of righteousness using the unescapeXml method is: when APEC is held, it is not allowed to cook with firewood.

The escape string using the escapeJavaScript method is/u4E2D/u56FD/u5171/u4EA7/u515A.

Use the unescapeJavaScript method to reverse the meaning of the string: When APEC is held, don't let the firewood cook */

    }  

}  

Use of the common commons-lang tool class StringEscapeUtils