Web page garbled Solution
String content = Teacher_mytask_detaillist.get (1) + "";//Get the field values in the database and replace them accordingly .
Content = Content.replaceall ("<", "<"). ReplaceAll (">", ">");
Content = Content.replaceall ("& #40;", "\ \"). ReplaceAll ("& #41;", "\ \)");
Content = Content.replaceall ("& #39;", "'");
Content = Content.replaceall ("& #34;", "\" ");
To replace the contents of the display with garbled characters
Add a whitelist page under the corresponding project's class file
Add method
Find the appropriate filter XML file and add the files that need to be filtered.
The following is a filter that adds a filter to an XSS cross-site attack
[email protected] classes]$ cat Whatysecurity.xml
<?xml version= "1.0" encoding= "UTF-8"?>
<root>
<!--2?? 3?? y?ò±í′?? -
<exclusion>
<url value= "/exclusion/test.jsp"/>
<url value= "/exclusion/test1.jsp"/>
</exclusion>
<filters>
<!--url?3?? y?ò±í′?? -
<filter name= "XSS" >
<!--0±í?2?? T?? 1±í?html? T??? Url?3?? y?ò±í′?? 2?ì?дparm?? 2?2?êy£?2?êy?éò?,o??? A-->
<item url= "^/standard/blank_\w+.action" param= "A, b" type= "0"/>
<item url= "^/examples/upload_upload.action" param= "note" type= "1"/>
<item url= "^/training/manager/courseware/enter_courseware.jsp" type= "0"/>
<item url= "^/courseware/normalhttp/normalhttp_set.jsp" type= "0"/>
<item url= "^/courseware/normalhttp/normalhttp_setexe.jsp" type= "0"/>
Added add-ons <item url= "^/training/classmanager/classnotice_add.jsp" type= "0"/>
Modify Edit Item <item url= "^/training/classmanager/classnotice_edit.jsp" type= "0"/>
</filter>
<filter name= "Upload" >
<!--1±í?′óс2?? T?? 2±í?ààd??? T?? 3?? 2?? T?? Url2?? 3?? Y?ò£?2?êy?éò?,o??? A--><item url= "/examples/upload_upload.action" param= "file1" type= "0"/>
</filter>
<filter name= "SQL" >
<!--url?3?? Y?ò£?2?ì?дparm?? 2?2?êy£?2?êy?éò?,o??? A-->
<item url= "^/examples/upload_\w+.action" param= "Field1,field2"/>
</filter>
</filters>
</root>
Using the editor to upload code to the database, the code in the database has HTML code, the foreground display HTML garbled processing