package com.learn.xss;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
*
* HTML filtering utility for protecting against XSS (Cross Site Scripting).
*
* This code is licensed LGPLv3
*
* This code is a Java port of the original work in PHP by Cal Henderson.
* http://code.iamcal.com/php/lib_filter/
*
* The trickiest part of the translation was handling the differences in regex handling
* between PHP and Java. These resources were helpful in the process:
*
* http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html
* http://us2.php.net/manual/en/reference.pcre.pattern.modifiers.php
* http://www.regular-expressions.info/modifiers.html
*
* A note on naming conventions: instance variables are prefixed with a "v"; global
* constants are in all caps.
*
* Sample use:
* String input = ...
* String clean = new HTMLFilter().filter( input );
*
* The class is not thread safe. Create a new instance if in doubt.
*
* If you find bugs or have suggestions on improvement (especially regarding
* performance), please contact us. The latest version of this
* source, and our contact details, can be found at http://xss-html-filter.sf.net
*/
public final class HTMLFilter {
/** Regex flag union equivalent to PHP's /si modifiers: case-insensitive matching, and '.' also matches line terminators. **/
private static final int REGEX_FLAGS_SI = Pattern.CASE_INSENSITIVE | Pattern.DOTALL;
// Precompiled patterns. The comments below describe what each expression matches as written;
// where and in which order they are applied is not visible in this part of the file.
// An HTML comment "<!-- ... -->"; the body is captured reluctantly and DOTALL lets it span lines.
private static final Pattern P_COMMENTS = Pattern.compile("<!--(.*?)-->", Pattern.DOTALL);
// A whole string of the form "!-- ... --" (no angle brackets) -- presumably tag content after the brackets are stripped; confirm against the caller.
private static final Pattern P_COMMENT = Pattern.compile("^!--(.*)--$", REGEX_FLAGS_SI);
// Everything between a '<' and the nearest following '>' (reluctant), across lines.
private static final Pattern P_TAGS = Pattern.compile("<(.*?)>", Pattern.DOTALL);
// A leading '/' followed by an alphanumeric element name (group 1).
private static final Pattern P_END_TAG = Pattern.compile("^/([a-z0-9]+)", REGEX_FLAGS_SI);
// Element name (group 1), the remainder (group 2, reluctant) and an optional trailing '/' (group 3).
private static final Pattern P_START_TAG = Pattern.compile("^([a-z0-9]+)(.*?)(/?)$", REGEX_FLAGS_SI);
// name=<quote>value<same quote>: the backreference \2 requires the closing quote to equal the opening one.
private static final Pattern P_QUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)=([\"'])(.*?)\\2", REGEX_FLAGS_SI);
// name=value where the value is a run of characters containing no quote and no whitespace.
private static final Pattern P_UNQUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)(=)([^\"\\s']+)", REGEX_FLAGS_SI);
// Leading text up to the first ':'; group 1 is the candidate URL scheme.
private static final Pattern P_PROTOCOL = Pattern.compile("^([^:]+):", REGEX_FLAGS_SI);
// Decimal numeric character reference ("&#NN"), trailing ';' optional.
private static final Pattern P_ENTITY = Pattern.compile("&#(\\d+);?");
// Hexadecimal numeric character reference ("&#xNN"), trailing ';' optional.
// NOTE(review): compiled without CASE_INSENSITIVE, so only a lowercase "x" and digits a-f match;
// HTML parsers also accept "&#X" and A-F. Confirm that input is case-normalised before this
// pattern is relied on for decoding ahead of a protocol check.
private static final Pattern P_ENTITY_UNICODE = Pattern.compile("&#x([0-9a-f]+);?");
// Percent-encoded byte ("%hh") with an optional trailing ';'.
// NOTE(review): same case caveat as P_ENTITY_UNICODE -- uppercase hex digits such as "%3A" do not match as compiled.
private static final Pattern P_ENCODE = Pattern.compile("%([0-9a-f]{2});?");
// '&' followed by text free of '&' and ';' (group 1), with a lookahead for ';', '&' or end of input.
private static final Pattern P_VALID_ENTITIES = Pattern.compile("&([^&;]*)(?=(;|&|$))");
// A run of text between '>' (or start of input) and '<' (or end of input), i.e. text lying outside tags.
private static final Pattern P_VALID_QUOTES = Pattern.compile("(>|^)([^<]+?)(<|$)", Pattern.DOTALL);
// A '>' at the very start of the input.
private static final Pattern P_END_ARROW = Pattern.compile("^>");
// '<' followed by non-'>' characters up to the next '<' or end of input: an opening bracket that is never closed.
private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]*?)(?=<|$)");
// Start of input or '>', then non-'<' characters that are followed by another '>': a closing bracket with no opener.
private static final Pattern P_XML_CONTENT = Pattern.compile("(^|>)([^<]*?)(?=>)");
// Same expression text as P_BODY_TO_END.
private static final Pattern P_STRAY_LEFT_ARROW = Pattern.compile("<([^>]*?)(?=<|$)");
// Same expression text as P_XML_CONTENT.
private static final Pattern P_STRAY_RIGHT_ARROW = Pattern.compile("(^|>)([^<]*?)(?=>)");
// Single-character (or literal "<>") patterns.
private static final Pattern P_AMP = Pattern.compile("&");
private static final Pattern P_QUOTE = Pattern.compile("\"");
private static final Pattern P_LEFT_ARROW = Pattern.compile("<");
private static final Pattern P_RIGHT_ARROW = Pattern.compile(">");
private static final Pattern P_BOTH_ARROWS = Pattern.compile("<>");
// Static caches of compiled patterns keyed by String, shared by every instance in the JVM.
// No eviction is declared here, so the maps grow with the number of distinct keys.
// @xxx could grow large... maybe use sesat's ReferenceMap
private static final ConcurrentMap<String,Pattern> P_REMOVE_PAIR_BLANKS = new ConcurrentHashMap<String, Pattern>();
private static final ConcurrentMap<String,Pattern> P_REMOVE_SELF_BLANKS = new ConcurrentHashMap<String, Pattern>();
/** allow-list of html elements: element name mapped to the attribute names permitted on that element **/
private final Map<String, List<String>> vAllowed;
/** counts of open tags for each (allowable) html element **/
// Mutable per-instance state; the class Javadoc states that the class is not thread safe.
private final Map<String, Integer> vTagCounts = new HashMap<String, Integer>();
/** html elements which must always be self-closing (e.g. "<img />") **/
private final String[] vSelfClosingTags;
/** html elements which must always have separate opening and closing tags (e.g. "<b></b>") **/
private final String[] vNeedClosingTags;
/** set of disallowed html elements **/
private final String[] vDisallowed;
/** attributes which should be checked for valid protocols **/
private final String[] vProtocolAtts;
/** allowed protocols **/
private final String[] vAllowedProtocols;
/** tags which should be removed if they contain no content (e.g. "<b></b>" or "<b />") **/
private final String[] vRemoveBlanks;
/** entities allowed within html markup **/
private final String[] vAllowedEntities;
/** flag determining whether comments are allowed in input String. */
// NOTE(review): the field name suggests that true means comments are stripped, which reads as the
// opposite of "allowed"; confirm the polarity against the code that reads this flag.
private final boolean stripComment;
// Undocumented in the original; presumably controls whether double quotes in text are entity-encoded -- confirm against usage.
private final boolean encodeQuotes;
// Debug switch; the only non-final instance field, assigned by the boolean constructor.
private boolean vDebug = false;
/**
* flag determining whether to try to make tags when presented with "unbalanced"
* angle brackets (e.g. "<b text </b>" becomes "<b> text </b>"). If set to false,
* unbalanced angle brackets will be html escaped.
*/
private final boolean alwaysMakeTags;
/** Default constructor.
*
*/
public HTMLFilter() {
    // Element allow-list: each permitted element maps to the attributes it may carry.
    vAllowed = new HashMap<>();

    final ArrayList<String> anchorAttributes = new ArrayList<String>();
    Collections.addAll(anchorAttributes, "href", "target");
    vAllowed.put("a", anchorAttributes);

    final ArrayList<String> imageAttributes = new ArrayList<String>();
    Collections.addAll(imageAttributes, "src", "width", "height", "alt");
    vAllowed.put("img", imageAttributes);

    // The plain formatting elements accept no attributes and share one empty list instance.
    final ArrayList<String> noAttributes = new ArrayList<String>();
    for (final String formattingTag : new String[]{"b", "strong", "i", "em"}) {
        vAllowed.put(formattingTag, noAttributes);
    }

    // Structural rules for the permitted elements.
    vSelfClosingTags = new String[]{"img"};
    vNeedClosingTags = new String[]{"a", "b", "strong", "i", "em"};
    vRemoveBlanks = new String[]{"a", "b", "strong", "i", "em"};
    vDisallowed = new String[]{};

    // URL-bearing attributes and the schemes accepted in them; ftp is deliberately left out.
    vProtocolAtts = new String[]{"src", "href"};
    vAllowedProtocols = new String[]{"http", "mailto", "https"};

    // Named entities that may appear in the markup.
    vAllowedEntities = new String[]{"amp", "gt", "lt", "quot"};

    // Behaviour switches: every one is enabled in the default configuration.
    stripComment = true;
    encodeQuotes = true;
    alwaysMakeTags = true;
}
/** Set debug flag to true. Otherwise use default settings. See the default constructor.
*
* @param debug turn debug on with a true argument
*/
public HTMLFilter(final boolean debug) {
    // Start from the default allow-list configuration; only the debug flag is overridden.
    this();
    this.vDebug = debug;
}
/** Map-parameter configurable constructor.
*
* @param conf map containing configuration. keys match field names.
*/
public HTMLFilter(final Map<String,Object> conf) {
assert conf.containsKey("vAllowed") : "configuration requires vAllowed";
assert conf.containsKey("vSelfClosingTags") : "configuration requires vSelfClosingTags";
assert conf.containsKey("vNeedClosingTags") : "configuration requires vNeedClosingTags";
assert conf.containsKey("vDisallowed") : "configuration requires vDisallowed";
assert conf.containsKey("vAllowedProtocols") : "configuration requires vAllowedProtocols";
assert conf.containsKey("vProtocolAtts") : "configuration requires vProtocolAtts";
assert conf.containsKey("vRemoveBlanks") : "configuration requires vRemoveBlanks";
ass
基于SSM开发的小区垃圾分类管理系统含sql数据库(毕设源码).zip
共683个文件
js:153个
png:136个
gif:107个
0 下载量 47 浏览量
2023-06-15
14:22:04
上传
评论
收藏 8.9MB ZIP 举报
温馨提示
【资源说明】 该项目是个人毕设项目源码,评审分达到95分,都经过严格调试,确保可以运行!放心下载使用。 该项目资源主要针对计算机、自动化等相关专业的学生或从业者下载使用,也可作为期末课程设计、课程大作业、毕业设计等。 具有较高的学习借鉴价值!基础能力强的可以在此基础上修改调整,以实现类似其他功能。 ## 开发软件:Eclipse或Idea 数据库:mysql ## 开发技术: 前端bootstrap,Maven架构,基于SSM框架,Shiro安全框架拦截管理角色权限 垃圾分类管理开发的目标:本网站系统可以彻底解决手工计算、抄写管理垃圾资料、业主资料、住户资料以及文件档案等操作时数量庞大地难题,也可以有效避免长时间无法即时查询某房产或业主资料的繁琐性,用户也可以根据通过系统查看自己的小区的垃圾,对硬件设置进行保修提交等。随时按照用户名称、垃圾站编号、垃圾类型等多种条件任意查询,减少重复,提高工作效率。该管理系统广泛适用于各类垃圾分类居民,垃圾分类物业,以及对整个垃圾分类建设和信息化管理表示关心的群体,个人,组织。 ## 系统涉及2个用户类型。 (1) 系统普通用户:用户登录后,可以浏览所有垃圾分类的信息,并且可以查询垃圾站信息,自己的垃圾运输处理记录,上报维修,查询自己的上报记录,提交投诉和确认投诉等信息。 (2) 系统管理员:主要通过后台来管理本系统所有的功能,具有最高权限,系统管理模块可以管理所有用户信息,查询系统角色信息,管理系统菜单资源权限记录,查看系统日志;可以对垃圾分类信息增删改查,添加维护垃圾站信息,添加登记维护垃圾运输处理收费记录,同时处理用户的投诉和报修等。
基于SSM开发的小区垃圾分类管理系统含sql数据库(毕设源码).zip (683个子文件)
.classpath 1KB
org.eclipse.wst.common.component 647B
org.eclipse.wst.jsdt.ui.superType.container 49B
bootstrap.css 144KB
bootstrap.min.css 120KB
bootstrap.min.css 118KB
AdminLTE.min.css 88KB
editor_ie7.css 48KB
editor_iequirks.css 47KB
editor_ie8.css 46KB
editor_ie.css 46KB
editor_gecko.css 45KB
editor.css 45KB
all-skins.min.css 40KB
font-awesome.min.css 30KB
layui.css 27KB
bootstrap-theme.css 26KB
bootstrap-theme.min.css 23KB
_all.css 21KB
ui.jqgrid-bootstrap.css 19KB
ui.jqgrid.css 17KB
dialog_ie7.css 17KB
dialog_ie8.css 17KB
dialog_iequirks.css 16KB
dialog_ie.css 16KB
dialog.css 16KB
_all.css 15KB
_all.css 15KB
layer.css 14KB
layer.css 14KB
_all.css 13KB
awesome.css 9KB
laydate.css 8KB
index1.css 7KB
metroStyle.css 7KB
zTreeStyle.css 6KB
layer.css 5KB
style.css 3KB
yellow.css 2KB
purple.css 2KB
orange.css 2KB
green.css 2KB
contents.css 2KB
blue.css 2KB
aero.css 2KB
grey.css 2KB
pink.css 2KB
red.css 2KB
line.css 2KB
icheck.css 2KB
purple.css 2KB
orange.css 2KB
yellow.css 2KB
purple.css 2KB
yellow.css 2KB
orange.css 2KB
green.css 2KB
green.css 2KB
grey.css 2KB
aero.css 2KB
pink.css 2KB
blue.css 2KB
pink.css 2KB
blue.css 2KB
grey.css 2KB
aero.css 2KB
red.css 2KB
red.css 1KB
minimal.css 1KB
polaris.css 1KB
square.css 1KB
purple.css 1KB
yellow.css 1KB
orange.css 1KB
green.css 1KB
blue.css 1KB
pink.css 1KB
grey.css 1KB
aero.css 1KB
futurico.css 1KB
red.css 1KB
toolbar.css 1KB
flat.css 1KB
main.css 1KB
code.css 1KB
ui.jqgrid-bootstrap-ui.css 692B
default.css 673B
style.css 304B
fontawesome-webfont.eot 162KB
iconfont.eot 51KB
glyphicons-halflings-regular.eot 20KB
glyphicons-halflings-regular.eot 20KB
59.gif 10KB
22.gif 10KB
24.gif 8KB
13.gif 7KB
16.gif 7KB
39.gif 6KB
64.gif 6KB
63.gif 6KB
z同学的编程之路
- 粉丝: 1808
- 资源: 2129