JavaScript filtering of HTML based on a whitelist: http://jsxss.com/zh/index.html
Option one:
A Java-based solution; for details see: http://winnie825.iteye.com/blog/1170833
Some of the filtering settings are stored in XML:
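<?xml version="1.0" encoding="UTF-8"?>
<!--
  Settings for a regex-based XSS request filter: six switches plus a list of
  patterns that flag suspicious request values.

  NOTE(review): this listing was repaired from a garbled copy. The comment and
  CDATA delimiters were restored, stray spaces inside the patterns were removed,
  and the upper-case alternatives (for example [A|a]) were put back. Compare the
  patterns with the original article before relying on them.

  NOTE(review): the patterns are a denylist of a few known strings, so they
  cannot be the only XSS control. Encode output for the context it is written
  into, sanitise any permitted HTML with a whitelist-based sanitizer, and treat
  this filter as an additional layer.

  NOTE(review): inside a character class "|" is a literal, so [A|a] also accepts
  the "|" character. A case-insensitive flag on the compiled pattern expresses
  the intent more precisely.

  NOTE(review): \\s, \\( and \\. are written as in a Java string literal. Read
  from XML text they stay doubled unless the loader unescapes them; confirm how
  the loader compiles these values.

  NOTE(review): most patterns start and end with ".*", which suggests they are
  matched against the whole value. "." does not match line terminators by
  default; confirm that the loader handles multi-line values.
-->
<XSSConfig>
  <!-- Whether request headers are checked. NOTE(review): disabled here; header
       values are client-controlled too, so confirm they are never echoed into a page. -->
  <isCheckHeader>false</isCheckHeader>
  <!-- Whether request parameters are checked -->
  <isCheckParameter>true</isCheckParameter>
  <!-- Whether to write a log entry -->
  <isLog>true</isLog>
  <!-- Whether to interrupt the request (presumably when a pattern matches; confirm in the filter code) -->
  <isChain>false</isChain>
  <!-- Whether special character replacement is enabled -->
  <replace>true</replace>
  <!-- Whether the special URL check is enabled -->
  <isCheckUrl>true</isCheckUrl>
  <regexList>
    <!-- Value contains: alert() -->
    <regex><![CDATA[.*[A|a][L|l][E|e][R|r][T|t]\\s*\\(.*\\).*]]></regex>
    <!-- Value contains: window.location = -->
    <regex><![CDATA[.*[W|w][I|i][N|n][D|d][O|o][W|w]\\.[L|l][O|o][C|c][A|a][T|t][I|i][O|o][N|n]\\s*=.*]]></regex>
    <!-- Value contains: style = x:expression() -->
    <regex><![CDATA[.*[S|s][T|t][Y|y][L|l][E|e]\\s*=.*[X|x]:[E|e][X|x].*[P|p][R|r][E|e][S|s]{1,2}[I|i][O|o][N|n]\\s*\\(.*\\).*]]></regex>
    <!-- Value contains: document.cookie -->
    <regex><![CDATA[.*[D|d][O|o][C|c][U|u][M|m][E|e][N|n][T|t]\\.[C|c][O|o]{2}[K|k][I|i][E|e].*]]></regex>
    <!-- Value contains: eval() -->
    <regex><![CDATA[.*[E|e][V|v][A|a][L|l]\\s*\\(.*\\).*]]></regex>
    <!-- Value contains: unescape() -->
    <regex><![CDATA[.*[U|u][N|n][E|e][S|s][C|c][A|a][P|p][E|e]\\s*\\(.*\\).*]]></regex>
    <!-- Value contains: execscript() -->
    <regex><![CDATA[.*[E|e][X|x][E|e][C|c][S|s][C|c][R|r][I|i][P|p][T|t]\\s*\\(.*\\).*]]></regex>
    <!-- Value contains: msgbox() -->
    <regex><![CDATA[.*[M|m][S|s][G|g][B|b][O|o][X|x]\\s*\\(.*\\).*]]></regex>
    <!-- Value contains: confirm() -->
    <regex><![CDATA[.*[C|c][O|o][N|n][F|f][I|i][R|r][M|m]\\s*\\(.*\\).*]]></regex>
    <!-- Value contains: prompt() -->
    <regex><![CDATA[.*[P|p][R|r][O|o][M|m][P|p][T|t]\\s*\\(.*\\).*]]></regex>
    <!-- Value contains: <script> ... </script> -->
    <regex><![CDATA[.*<[S|s][C|c][R|r][I|i][P|p][T|t]>.*</[S|s][C|c][R|r][I|i][P|p][T|t]>.*]]></regex>
    <!-- Value contains the symbol: "
         NOTE(review): this flags every value that holds a double quote, ordinary text included. -->
    <regex><![CDATA[[.&[^\"]]*\"[.&[^\"]]*]]></regex>
    <!-- Value contains the symbol: '
         NOTE(review): this flags every value that holds an apostrophe, ordinary text included. -->
    <regex><![CDATA[[.&[^']]*'[.&[^']]*]]></regex>
    <!-- Value contains line breaks together with <script> ... </script> -->
    <regex><![CDATA[[[.&[^a]]|[|A|\n|\r\n|\r|\u0085|\u2028|\u2029]]*<[S|s][C|c][R|r][I|i][P|p][T|t]>.*</[S|s][C|c][R|r][I|i][P|p][T|t]>[[.&[^a]]|[|A|\n|\r\n|\r|\u0085|\u2028|\u2029]]*]]></regex>
  </regexList>
</XSSConfig>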
Option two:
http://blog.csdn.net/catoop/article/details/50338259
xss-html Filtration