XSS的关键之列表

[code]
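// Substring -> replacement pairs used to neutralise common XSS vectors in
// user-supplied text. Each pair is applied in table order with
// replaceIgnoreSearchCase (case-insensitive literal search, no regex).
//
// SECURITY NOTE (review): this is a denylist, and a denylist can never be
// complete. Only the exact spellings listed are caught; handler attributes
// that are not in the table, entity- or percent-encoded variants of
// "javascript:" (the search is a plain substring match on the raw text), and
// data: URLs pass through untouched. The reliable defence is context-aware
// output encoding (or an allowlist HTML sanitiser) at the point of rendering;
// treat this table as defence in depth, not as the primary control.
//
// Event-handler names are mangled by inserting "_" after "on" so the browser
// no longer recognises the attribute. The previous version of this table
// mapped every IE-only event and the <script> tags to THEMSELVES, so those
// entries replaced a token with an identical token and protected nothing;
// they now mangle/escape like the rest. Because matching is substring based,
// legitimate prose that happens to contain e.g. "onload" is mangled too.
// Where a later key starts with an earlier one (onmove -> onmoveend,
// onresize -> onresizeend, ondrag -> ondragstart) the earlier pair has already
// rewritten the text; the later pair is kept for readability only.
// Event lists originally taken from
// http://www.w3schools.com/Html/html_eventattributes.asp and
// http://www.w3schools.com/tags/html5_ref_eventattributes.asp
private static final String[][] XSS_CHARS_ESCAPE = {
    // Window events
    {"onload", "on_load"},
    {"onunload", "on_unload"},
    // Form element events
    {"onchange", "on_change"},
    {"onsubmit", "on_submit"},
    {"onreset", "on_reset"},
    {"onselect", "on_select"},
    {"onblur", "on_blur"},
    {"onfocus", "on_focus"},
    // Keyboard events
    {"onkeydown", "on_keydown"},
    {"onkeypress", "on_keypress"},
    {"onkeyup", "on_keyup"},
    // Mouse events
    {"onclick", "on_click"},
    {"ondblclick", "on_dblclick"},
    {"onmousedown", "on_mousedown"},
    {"onmousemove", "on_mousemove"},
    {"onmouseout", "on_mouseout"},
    {"onmouseover", "on_mouseover"},
    {"onmouseup", "on_mouseup"},
    // HTML5 event attributes
    {"onabort", "on_abort"},
    {"onbeforeunload", "on_beforeunload"},
    {"oncontextmenu", "on_contextmenu"},
    {"ondrag", "on_drag"},
    {"ondragend", "on_dragend"},
    {"ondragenter", "on_dragenter"},
    {"ondragleave", "on_dragleave"},
    {"ondragover", "on_dragover"},
    {"ondragstart", "on_dragstart"},
    {"ondrop", "on_drop"},
    {"onerror", "on_error"},
    {"onmessage", "on_message"},
    {"onmousewheel", "on_mousewheel"},
    {"onresize", "on_resize"},
    {"onscroll", "on_scroll"},
    // (duplicate "onunload" entry removed; it is handled above)

    // Script URL schemes and script tags.
    // "<script" / "</script" are matched as prefixes so that "<script src=...>"
    // and "<script/...>" are caught as well; the old exact "<script>" key only
    // matched that one spelling, and mapped it to itself. The escaped form
    // renders as literal text if the result is emitted as HTML.
    {"javascript:", "java_script:"},
    {"jscript:", "j_script:"},
    {"vbscript:", "vb_script:"},
    {"<script", "&lt;script"},
    {"</script", "&lt;/script"},

    // IE-only events (previously identity mappings, i.e. no-ops)
    {"onactivate", "on_activate"},
    {"onafterprint", "on_afterprint"},
    {"onafterupdate", "on_afterupdate"},
    {"onbeforeactivate", "on_beforeactivate"},
    {"onbeforecopy", "on_beforecopy"},
    {"onbeforecut", "on_beforecut"},
    {"onbeforedeactivate", "on_beforedeactivate"},
    {"onbeforeeditfocus", "on_beforeeditfocus"},
    {"onbeforepaste", "on_beforepaste"},
    {"onbeforeprint", "on_beforeprint"},
    {"onbeforeupdate", "on_beforeupdate"},
    {"onbounce", "on_bounce"},
    {"oncontrolselect", "on_controlselect"},
    {"oncopy", "on_copy"},
    {"oncut", "on_cut"},
    {"ondataavailable", "on_dataavailable"},
    {"ondatasetchanged", "on_datasetchanged"},
    {"ondeactivate", "on_deactivate"},
    {"onerrorupdate", "on_errorupdate"},
    {"onfilterchange", "on_filterchange"},
    {"onfinish", "on_finish"},
    {"onhelp", "on_help"},
    {"onlayoutcomplete", "on_layoutcomplete"},
    {"onlosecapture", "on_losecapture"},
    {"onmouseenter", "on_mouseenter"},
    {"onmouseleave", "on_mouseleave"},
    {"onmove", "on_move"},
    {"onmoveend", "on_moveend"},
    {"onmovestart", "on_movestart"},
    {"onpaste", "on_paste"},
    {"onpropertychange", "on_propertychange"},
    {"onreadystatechanged", "on_readystatechanged"},
    {"onresizeend", "on_resizeend"},
    {"onresizestart", "on_resizestart"},
    {"onrowenter", "on_rowenter"},
    {"onrowexit", "on_rowexit"},
    {"onrowsdelete", "on_rowsdelete"},
    {"onrowsinserted", "on_rowsinserted"},
    {"onstart", "on_start"},
    {"onstop", "on_stop"},
    {"ontimeerror", "on_timeerror"}
};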
[/code]

[code]
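/**
 * Replaces every case-insensitive occurrence of {@code searchString} in
 * {@code text} with {@code replacement}, scanning left to right without
 * overlapping matches. Both the search string and the replacement are taken
 * literally (no regex). This is the search primitive used to apply the
 * XSS_CHARS_ESCAPE table; it is not an encoder and does not make the
 * surrounding denylist complete.
 *
 * <p>Matching is done with {@link String#regionMatches(boolean, int, String, int, int)}
 * directly on {@code text}. The previous implementation searched an
 * upper-cased copy and reused its offsets on the original string; for
 * characters whose upper-case form has a different length (e.g. "ß" becomes
 * "SS") the offsets drift, and the method either corrupted the output or threw
 * StringIndexOutOfBoundsException. Scanning the original string keeps the
 * offsets exact for any input.
 *
 * @param text         the text to search; returned as-is when null or empty
 * @param searchString the literal substring to find; null or empty means no-op
 * @param replacement  the literal replacement; null means no-op
 * @return the rewritten text, or {@code text} itself when nothing was replaced
 */
private static String replaceIgnoreSearchCase(String text, String searchString, String replacement) {
    // Same semantics as StringUtils.isEmpty, spelled out so the helper only
    // depends on java.lang.
    if (text == null || text.isEmpty()
            || searchString == null || searchString.isEmpty()
            || replacement == null) {
        return text;
    }
    final int searchLength = searchString.length();
    int copyFrom = 0;
    int matchAt = indexOfIgnoreCase(text, searchString, 0);
    if (matchAt == -1) {
        return text;
    }
    // Pre-size for up to 16 growing replacements; purely a capacity hint.
    final int growth = Math.max(0, replacement.length() - searchLength) * 16;
    final StringBuilder out = new StringBuilder(text.length() + growth);
    while (matchAt != -1) {
        out.append(text, copyFrom, matchAt).append(replacement);
        copyFrom = matchAt + searchLength;
        matchAt = indexOfIgnoreCase(text, searchString, copyFrom);
    }
    out.append(text, copyFrom, text.length());
    return out.toString();
}

/**
 * Returns the index of the first case-insensitive occurrence of {@code search}
 * in {@code text} at or after {@code from}, or -1. Offsets refer to
 * {@code text} itself, so they stay valid for characters whose case mapping
 * changes length.
 */
private static int indexOfIgnoreCase(String text, String search, int from) {
    final int searchLength = search.length();
    final int lastStart = text.length() - searchLength;
    for (int i = Math.max(from, 0); i <= lastStart; i++) {
        if (text.regionMatches(true, i, search, 0, searchLength)) {
            return i;
        }
    }
    return -1;
}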
[/code]