Neeaos Security Blog
PS: during a company code review I found there were still several (N+) XSS issues. I searched for them and found two. Let's put them here first, then debug them.
//
// AntiXSS for Java
// http://www.gdssecurity.com/l/b/2007/12/29/antixss-for-java/
// This is a port of the Microsoft AntiXSS library v1.5 for Java.
//
// This should be compatible with JVMs implementing the Java 5 or greater standards (Java 1.5 or greater)
//
// Created by Justin Clarke on 18/11/2007.
// Copyright (c) 2007 Gotham Digital Science. All rights reserved.
//
Package com. gdssecurity. utils;
Import java. lang. String;
Import java. lang. StringBuilder;
Import java. text. StringCharacterIterator;
Import java. text. CharacterIterator;
Public class AntiXSS {
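// Private variables
/** Encoded form of an empty JavaScript string: an empty single-quoted literal. */
private static final String EmptyString_JavaScript = "''";
/** Encoded form of an empty VBScript string: an empty double-quoted literal. */
private static final String EmptyString_VBS = "\"\"";
/** Encoded form of empty HTML, HTML-attribute and URL input. */
private static final String EmptyString = "";
// NOTE(review): neither field below is used by the encoders visible here, and
// shared mutable statics would make the class unsafe to call from several threads
// at once — confirm they are needed by the rest of the class before keeping them.
private static StringBuffer strb;
private static StringCharacterIterator sci;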
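/**
 * HTML-encodes {@code strInput} for use as HTML element content.
 *
 * <p>Only a fixed whitelist passes through unchanged: ASCII letters, digits,
 * space, '.', ',', '-' and '_'. Every other character — including
 * {@code < > & " ' /} — is emitted as a decimal numeric character reference
 * ({@code &#NNN;}), so the output cannot close the enclosing element or start
 * a tag.
 *
 * <p>Supplementary characters (outside the BMP) are emitted as one reference for
 * the whole code point. Encoding each UTF-16 unit separately, as the original
 * char-based loop did, produces references to lone surrogates, which HTML
 * parsers treat as errors and replace.
 *
 * @param strInput the untrusted text to encode; {@code null} is treated as empty
 * @return the encoded text, or {@code EmptyString} for null or empty input
 */
private static String EncodeHtml(String strInput) {
    if (strInput == null || strInput.length() == 0) {
        return EmptyString;
    }
    // 2x is only a capacity hint; references are longer, StringBuilder grows as needed.
    StringBuilder builder = new StringBuilder(strInput.length() * 2);
    int len = strInput.length();
    // Explicit index loop instead of a CharacterIterator: CharacterIterator.DONE is
    // U+FFFF, so the iterator-based loop stopped early (dropping the rest of the
    // input) whenever the input itself contained U+FFFF.
    for (int i = 0; i < len; ) {
        int cp = strInput.codePointAt(i);
        i += Character.charCount(cp);
        boolean safe = (cp > '`' && cp < '{')   // a-z
                || (cp > '@' && cp < '[')        // A-Z
                || cp == ' '
                || (cp > '/' && cp < ':')        // 0-9
                || cp == '.' || cp == ',' || cp == '-' || cp == '_';
        if (safe) {
            // Every whitelisted value is ASCII, so the narrowing cast is lossless.
            builder.append((char) cp);
        } else {
            builder.append("&#").append(cp).append(';');
        }
    }
    return builder.toString();
}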
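/**
 * HTML-encodes {@code strInput} for use inside an HTML attribute value.
 *
 * <p>The whitelist is the same as {@link #EncodeHtml} except that space is
 * encoded as well: in an unquoted attribute a raw space ends the value, so
 * passing it through would let input start a new attribute. Everything outside
 * ASCII letters, digits, '.', ',', '-' and '_' becomes a decimal numeric
 * character reference ({@code &#NNN;}). The caller is still expected to quote
 * the attribute.
 *
 * <p>Supplementary characters are emitted as a single reference for the whole
 * code point rather than one per UTF-16 surrogate, which would be invalid HTML.
 *
 * @param strInput the untrusted text to encode; {@code null} is treated as empty
 * @return the encoded text, or {@code EmptyString} for null or empty input
 */
private static String EncodeHtmlAttribute(String strInput) {
    if (strInput == null || strInput.length() == 0) {
        return EmptyString;
    }
    StringBuilder builder = new StringBuilder(strInput.length() * 2);
    int len = strInput.length();
    // Index loop rather than a CharacterIterator: CharacterIterator.DONE is U+FFFF,
    // so the old loop truncated any input that contained that code unit.
    for (int i = 0; i < len; ) {
        int cp = strInput.codePointAt(i);
        i += Character.charCount(cp);
        boolean safe = (cp > '`' && cp < '{')   // a-z
                || (cp > '@' && cp < '[')        // A-Z
                || (cp > '/' && cp < ':')        // 0-9
                || cp == '.' || cp == ',' || cp == '-' || cp == '_';
        if (safe) {
            // Whitelisted values are all ASCII, so the cast cannot lose data.
            builder.append((char) cp);
        } else {
            builder.append("&#").append(cp).append(';');
        }
    }
    return builder.toString();
}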
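/**
 * Encodes {@code strInput} as a complete single-quoted JavaScript string literal.
 *
 * <p>ASCII letters, digits, space, '.', ',', '-' and '_' are copied through.
 * Any other UTF-16 code unit is escaped: {@code \xHH} for values up to 0x7F
 * (this covers quotes, backslash, {@code < > & /} and line terminators) and
 * {@code \uHHHH} for everything above. Because the result is already wrapped
 * in quotes, the caller must place it where a string literal is expected and
 * must not add its own quotes.
 *
 * <p>Escaping per UTF-16 unit is correct here: JavaScript strings are UTF-16,
 * so a surrogate pair written as two {@code \uHHHH} escapes round-trips.
 *
 * @param strInput the untrusted text to encode; {@code null} is treated as empty
 * @return the quoted, escaped literal, or {@code EmptyString_JavaScript} for null or empty input
 */
private static String EncodeJs(String strInput) {
    if (strInput == null || strInput.length() == 0) {
        return EmptyString_JavaScript;
    }
    // +2 for the opening and closing quote; the rest is only a capacity hint.
    StringBuilder builder = new StringBuilder(strInput.length() * 2 + 2);
    builder.append('\'');
    int len = strInput.length();
    // Index loop instead of a CharacterIterator: CharacterIterator.DONE is U+FFFF,
    // so the iterator-based loop silently dropped everything after a U+FFFF unit.
    for (int i = 0; i < len; i++) {
        char ch = strInput.charAt(i);
        boolean safe = (ch > '`' && ch < '{')   // a-z
                || (ch > '@' && ch < '[')        // A-Z
                || ch == ' '
                || (ch > '/' && ch < ':')        // 0-9
                || ch == '.' || ch == ',' || ch == '-' || ch == '_';
        if (safe) {
            builder.append(ch);
        } else if (ch > '\u007f') {
            // TwoByteHex / SingleByteHex are defined elsewhere in this class.
            builder.append("\\u" + TwoByteHex(ch));
        } else {
            builder.append("\\x" + SingleByteHex(ch));
        }
    }
    builder.append('\'');
    return builder.toString();
}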
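/**
 * URL-encodes {@code strInput} for use as a single path segment or query value.
 *
 * <p>Only ASCII letters, digits, '.', '-' and '_' pass through unchanged; note
 * that, unlike {@link #EncodeHtml}, space and ',' are encoded too. Every other
 * UTF-16 code unit is percent-encoded: {@code %HH} for values up to 0x7F and
 * {@code %uHHHH} above that.
 *
 * <p>NOTE(review): the {@code %uHHHH} form is the legacy AntiXSS 1.5 encoding,
 * not RFC 3986 UTF-8 percent-encoding, and many server-side decoders do not
 * accept it. It is kept as-is so existing callers keep working — confirm the
 * consumer understands it before relying on this method for non-ASCII input.
 *
 * @param strInput the untrusted text to encode; {@code null} is treated as empty
 * @return the encoded text, or {@code EmptyString} for null or empty input
 */
private static String EncodeUrl(String strInput) {
    if (strInput == null || strInput.length() == 0) {
        return EmptyString;
    }
    StringBuilder builder = new StringBuilder(strInput.length() * 2);
    int len = strInput.length();
    // Index loop rather than a CharacterIterator: CharacterIterator.DONE is U+FFFF,
    // so the old loop stopped early and dropped the tail of any input containing it.
    for (int i = 0; i < len; i++) {
        char ch = strInput.charAt(i);
        boolean safe = (ch > '`' && ch < '{')   // a-z
                || (ch > '@' && ch < '[')        // A-Z
                || (ch > '/' && ch < ':')        // 0-9
                || ch == '.' || ch == '-' || ch == '_';
        if (safe) {
            builder.append(ch);
        } else if (ch > '\u007f') {
            // TwoByteHex / SingleByteHex are defined elsewhere in this class.
            builder.append("%u" + TwoByteHex(ch));
        } else {
            builder.append("%" + SingleByteHex(ch));
        }
    }
    return builder.toString();
}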
Private static String EncodeVbs (String strInput ){
If (strInput. length () = 0 ){
Return EmptyString_VBS;
}
StringBuilder builder = new StringBuilder (strInput. length () * 2 );
Boolean flag = false;
CharacterIterator it = new StringCharacterIterator (strInput );
For (char ch = it. first (); ch! = CharacterIterator. DONE; ch = it. next ()){
If (ch> ') & (ch <{) | (ch >@) & (ch <[)))
| (Ch =) | (ch>/) & (ch <:)) | (ch = .) | (ch =,) | (ch =-) | (ch = _))))){
If (! Flag ){
Builder. append ("&"");
Flag = true;
}
Builder. append (ch );
} Else {
If (flag ){
Builder. append (""");
Flag = false;
}
Builder. append ("& chrw (" + (long) ch + ")");
}
}
If (builder. length ()> 0) & (builder. charAt (0) == &)){
Builder. delete (0, 1 );
}
If (builder. length () = 0 ){
Builder. insert (0 ,"""");
}
If (flag ){
Builder. append (""");
}
Return builder. toStr