package com.xmut.common.xss;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
*
* HTML filtering utility for protecting against XSS (Cross Site Scripting).
*
* This code is licensed LGPLv3
*
* This code is a Java port of the original work in PHP by Cal Hendersen.
* http://code.iamcal.com/php/lib_filter/
*
* The trickiest part of the translation was handling the differences in regex handling
* between PHP and Java. These resources were helpful in the process:
*
* http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html
* http://us2.php.net/manual/en/reference.pcre.pattern.modifiers.php
* http://www.regular-expressions.info/modifiers.html
*
* A note on naming conventions: instance variables are prefixed with a "v"; global
* constants are in all caps.
*
* Sample use:
* String input = ...
* String clean = new HTMLFilter().filter( input );
*
* The class is not thread safe. Create a new instance if in doubt.
*
* If you find bugs or have suggestions on improvement (especially regarding
* performance), please contact us. The latest version of this
* source, and our contact details, can be found at http://xss-html-filter.sf.net
*
* @author Joseph O'Connell
* @author Cal Hendersen
* @author Michael Semb Wever
*/
public final class HTMLFilter {
/** regex flag union representing /si modifiers in php **/
private static final int REGEX_FLAGS_SI = Pattern.CASE_INSENSITIVE | Pattern.DOTALL;
private static final Pattern P_COMMENTS = Pattern.compile("<!--(.*?)-->", Pattern.DOTALL);
private static final Pattern P_COMMENT = Pattern.compile("^!--(.*)--$", REGEX_FLAGS_SI);
private static final Pattern P_TAGS = Pattern.compile("<(.*?)>", Pattern.DOTALL);
private static final Pattern P_END_TAG = Pattern.compile("^/([a-z0-9]+)", REGEX_FLAGS_SI);
private static final Pattern P_START_TAG = Pattern.compile("^([a-z0-9]+)(.*?)(/?)$", REGEX_FLAGS_SI);
private static final Pattern P_QUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)=([\"'])(.*?)\\2", REGEX_FLAGS_SI);
private static final Pattern P_UNQUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)(=)([^\"\\s']+)", REGEX_FLAGS_SI);
private static final Pattern P_PROTOCOL = Pattern.compile("^([^:]+):", REGEX_FLAGS_SI);
private static final Pattern P_ENTITY = Pattern.compile("&#(\\d+);?");
private static final Pattern P_ENTITY_UNICODE = Pattern.compile("&#x([0-9a-f]+);?");
private static final Pattern P_ENCODE = Pattern.compile("%([0-9a-f]{2});?");
private static final Pattern P_VALID_ENTITIES = Pattern.compile("&([^&;]*)(?=(;|&|$))");
private static final Pattern P_VALID_QUOTES = Pattern.compile("(>|^)([^<]+?)(<|$)", Pattern.DOTALL);
private static final Pattern P_END_ARROW = Pattern.compile("^>");
private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]*?)(?=<|$)");
private static final Pattern P_XML_CONTENT = Pattern.compile("(^|>)([^<]*?)(?=>)");
private static final Pattern P_STRAY_LEFT_ARROW = Pattern.compile("<([^>]*?)(?=<|$)");
private static final Pattern P_STRAY_RIGHT_ARROW = Pattern.compile("(^|>)([^<]*?)(?=>)");
private static final Pattern P_AMP = Pattern.compile("&");
private static final Pattern P_QUOTE = Pattern.compile("<");
private static final Pattern P_LEFT_ARROW = Pattern.compile("<");
private static final Pattern P_RIGHT_ARROW = Pattern.compile(">");
private static final Pattern P_BOTH_ARROWS = Pattern.compile("<>");
// @xxx could grow large... maybe use sesat's ReferenceMap
private static final ConcurrentMap<String,Pattern> P_REMOVE_PAIR_BLANKS = new ConcurrentHashMap<String, Pattern>();
private static final ConcurrentMap<String,Pattern> P_REMOVE_SELF_BLANKS = new ConcurrentHashMap<String, Pattern>();
/** set of allowed html elements, along with allowed attributes for each element **/
private final Map<String, List<String>> vAllowed;
/** counts of open tags for each (allowable) html element **/
private final Map<String, Integer> vTagCounts = new HashMap<String, Integer>();
/** html elements which must always be self-closing (e.g. "<img />") **/
private final String[] vSelfClosingTags;
/** html elements which must always have separate opening and closing tags (e.g. "<b></b>") **/
private final String[] vNeedClosingTags;
/** set of disallowed html elements **/
private final String[] vDisallowed;
/** attributes which should be checked for valid protocols **/
private final String[] vProtocolAtts;
/** allowed protocols **/
private final String[] vAllowedProtocols;
/** tags which should be removed if they contain no content (e.g. "<b></b>" or "<b />") **/
private final String[] vRemoveBlanks;
/** entities allowed within html markup **/
private final String[] vAllowedEntities;
/** flag determining whether comments are allowed in input String. */
private final boolean stripComment;
private final boolean encodeQuotes;
private boolean vDebug = false;
/**
* flag determining whether to try to make tags when presented with "unbalanced"
* angle brackets (e.g. "<b text </b>" becomes "<b> text </b>"). If set to false,
* unbalanced angle brackets will be html escaped.
*/
private final boolean alwaysMakeTags;
/** Default constructor.
*
*/
public HTMLFilter() {
vAllowed = new HashMap<>();
final ArrayList<String> a_atts = new ArrayList<String>();
a_atts.add("href");
a_atts.add("target");
vAllowed.put("a", a_atts);
final ArrayList<String> img_atts = new ArrayList<String>();
img_atts.add("src");
img_atts.add("width");
img_atts.add("height");
img_atts.add("alt");
vAllowed.put("img", img_atts);
final ArrayList<String> no_atts = new ArrayList<String>();
vAllowed.put("b", no_atts);
vAllowed.put("strong", no_atts);
vAllowed.put("i", no_atts);
vAllowed.put("em", no_atts);
vSelfClosingTags = new String[]{"img"};
vNeedClosingTags = new String[]{"a", "b", "strong", "i", "em"};
vDisallowed = new String[]{};
vAllowedProtocols = new String[]{"http", "mailto", "https"}; // no ftp.
vProtocolAtts = new String[]{"src", "href"};
vRemoveBlanks = new String[]{"a", "b", "strong", "i", "em"};
vAllowedEntities = new String[]{"amp", "gt", "lt", "quot"};
stripComment = true;
encodeQuotes = true;
alwaysMakeTags = true;
}
/** Set debug flag to true. Otherwise use default settings. See the default constructor.
*
* @param debug turn debug on with a true argument
*/
public HTMLFilter(final boolean debug) {
this();
vDebug = debug;
}
/** Map-parameter configurable constructor.
*
* @param conf map containing configuration. keys match field names.
*/
public HTMLFilter(final Map<String,Object> conf) {
assert conf.containsKey("vAllowed") : "configuration requires vAllowed";
assert conf.containsKey("vSelfClosingTags") : "configuration requires vSelfClosingTags";
assert conf.containsKey("vNeedClosingTags") : "configuration requires vNeedClosingTags";
assert conf.containsKey("vDisallowed") : "configuration requires vDisallowed";
assert conf.containsKey("vAllowedProtocols") : "configuration requires vAllowedProtocols";
assert conf.containsKey("vProtocolAtts") : "configuration requires vProtocolAtts";
assert conf.containsKey("vRemoveBlanks") : "configuration requires vRemoveBlanks";
assert conf.containsKey("vAllowedEntities") : "configuration requires vAllowedEntities";
vAllowed = Collections.unmodifiableMap((HashMap<String, List<String>>) conf.get("vAllowe
没有合适的资源?快使用搜索试试~ 我知道了~
温馨提示
毕业设计,基于SpringBoot+Vue+MySql开发的前后端分离的报告协作系统,内含Java完整源代码,数据库脚本 毕业设计:基于SpringBoot的报告协作系统的分析与实现 报告,是涉及到每一个行业的一种文案,不同性质和内容的报告在编辑的过程中都有着不同的要求,为的就是在报告当中可以反映出调查的问题和解决的措施。近年来,互联网上写作报告的平台越来越多,每一个平台在写作服务上是很专业的,尤其是在各方面的调查上都是越来越系统全面的。 1、策划团队专业一流。 当报告在写作之前,都会在市场上做出可行性的调查和研究,也就是成为了在写作方面的参考要求,那么轻松过关的概率就会明显的提高。写作平台上拥有实力雄厚的策划团队,在做调查的过程中不仅可以抓住重点,对报告内容方面的编辑上也是较为系统全面的。
资源推荐
资源详情
资源评论
收起资源包目录
毕业设计,基于SpringBoot+Vue+MySql开发的前后端分离的报告协作系统,内含Java完整源代码,数据库脚本 (705个子文件)
.babelrc 337B
index.css 192KB
index.css 192KB
index.css 192KB
index.css 192KB
index.css 192KB
index.css 192KB
index.css 192KB
index.css 192KB
index.css 192KB
index.css 192KB
index.css 192KB
index.css 192KB
ueditor.css 43KB
screen.css 43KB
print.css 41KB
ueditor.min.css 34KB
swagger-ui.css 26KB
video-js.css 21KB
image.css 18KB
video.css 15KB
attachment.css 14KB
video-js.min.css 11KB
shCoreDefault.css 7KB
scrawl.css 4KB
style.css 3KB
codemirror.css 3KB
charts.css 3KB
background.css 2KB
emotion.css 2KB
dialogbase.css 2KB
music.css 2KB
taskpane.css 1KB
edittable.css 1KB
template.css 1KB
reset.css 773B
scrollbar.css 617B
webuploader.css 515B
help.css 389B
iframe.css 41B
typography.css 0B
wc.db 132KB
wc.db-journal 0B
Dockerfile 134B
.editorconfig 147B
entries 3B
vjs.eot 3KB
.eslintignore 74B
.eslintrc 58B
UEditorSnapscreen.exe 508KB
format 3B
wface.gif 49KB
jxface2.gif 40KB
yface.gif 28KB
bface.gif 27KB
icons.gif 20KB
file-icons.gif 20KB
file-icons.gif 20KB
tface.gif 19KB
fface.gif 18KB
throbber.gif 9KB
cface.gif 8KB
icons-all.gif 4KB
videologo.gif 2KB
cancelbutton.gif 1KB
button-bg.gif 1KB
lock.gif 1KB
alignicon.gif 1KB
word.gif 1019B
icon_doc.gif 1012B
icon_psd.gif 1009B
icon_rar.gif 1007B
icon_xls.gif 1005B
icon_mv.gif 1001B
icon_ppt.gif 1001B
icon_pdf.gif 996B
icon_mp3.gif 986B
icon_txt.gif 970B
icon_jpg.gif 950B
icon_exe.gif 949B
icon_chm.gif 923B
loading.gif 734B
icons.gif 453B
icons.gif 453B
icons.gif 453B
success.gif 445B
success.gif 445B
success.gif 445B
cursor_v.gif 370B
cursor_h.gif 253B
anchor.gif 184B
highlighted.gif 111B
unhighlighted.gif 111B
bg.gif 84B
expand.gif 73B
collapse.gif 69B
pagebreak.gif 54B
spacer.gif 43B
0.gif 43B
.gitignore 291B
共 705 条
- 1
- 2
- 3
- 4
- 5
- 6
- 8
资源评论
流华追梦
- 粉丝: 4821
- 资源: 2185
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功