package io.renren.common.xss;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
*
* HTML filtering utility for protecting against XSS (Cross Site Scripting).
*
* This code is licensed LGPLv3
*
* This code is a Java port of the original work in PHP by Cal Hendersen.
* http://code.iamcal.com/php/lib_filter/
*
* The trickiest part of the translation was handling the differences in regex handling
* between PHP and Java. These resources were helpful in the process:
*
* http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html
* http://us2.php.net/manual/en/reference.pcre.pattern.modifiers.php
* http://www.regular-expressions.info/modifiers.html
*
* A note on naming conventions: instance variables are prefixed with a "v"; global
* constants are in all caps.
*
* Sample use:
* String input = ...
* String clean = new HTMLFilter().filter( input );
*
* The class is not thread safe. Create a new instance if in doubt.
*
* If you find bugs or have suggestions on improvement (especially regarding
* performance), please contact us. The latest version of this
* source, and our contact details, can be found at http://xss-html-filter.sf.net
*
* @author Joseph O'Connell
* @author Cal Hendersen
* @author Michael Semb Wever
*/
public final class HTMLFilter {
/** regex flag union representing /si modifiers in php **/
private static final int REGEX_FLAGS_SI = Pattern.CASE_INSENSITIVE | Pattern.DOTALL;
private static final Pattern P_COMMENTS = Pattern.compile("<!--(.*?)-->", Pattern.DOTALL);
private static final Pattern P_COMMENT = Pattern.compile("^!--(.*)--$", REGEX_FLAGS_SI);
private static final Pattern P_TAGS = Pattern.compile("<(.*?)>", Pattern.DOTALL);
private static final Pattern P_END_TAG = Pattern.compile("^/([a-z0-9]+)", REGEX_FLAGS_SI);
private static final Pattern P_START_TAG = Pattern.compile("^([a-z0-9]+)(.*?)(/?)$", REGEX_FLAGS_SI);
private static final Pattern P_QUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)=([\"'])(.*?)\\2", REGEX_FLAGS_SI);
private static final Pattern P_UNQUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)(=)([^\"\\s']+)", REGEX_FLAGS_SI);
private static final Pattern P_PROTOCOL = Pattern.compile("^([^:]+):", REGEX_FLAGS_SI);
private static final Pattern P_ENTITY = Pattern.compile("&#(\\d+);?");
private static final Pattern P_ENTITY_UNICODE = Pattern.compile("&#x([0-9a-f]+);?");
private static final Pattern P_ENCODE = Pattern.compile("%([0-9a-f]{2});?");
private static final Pattern P_VALID_ENTITIES = Pattern.compile("&([^&;]*)(?=(;|&|$))");
private static final Pattern P_VALID_QUOTES = Pattern.compile("(>|^)([^<]+?)(<|$)", Pattern.DOTALL);
private static final Pattern P_END_ARROW = Pattern.compile("^>");
private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]*?)(?=<|$)");
private static final Pattern P_XML_CONTENT = Pattern.compile("(^|>)([^<]*?)(?=>)");
private static final Pattern P_STRAY_LEFT_ARROW = Pattern.compile("<([^>]*?)(?=<|$)");
private static final Pattern P_STRAY_RIGHT_ARROW = Pattern.compile("(^|>)([^<]*?)(?=>)");
private static final Pattern P_AMP = Pattern.compile("&");
private static final Pattern P_QUOTE = Pattern.compile("<");
private static final Pattern P_LEFT_ARROW = Pattern.compile("<");
private static final Pattern P_RIGHT_ARROW = Pattern.compile(">");
private static final Pattern P_BOTH_ARROWS = Pattern.compile("<>");
// @xxx could grow large... maybe use sesat's ReferenceMap
private static final ConcurrentMap<String,Pattern> P_REMOVE_PAIR_BLANKS = new ConcurrentHashMap<String, Pattern>();
private static final ConcurrentMap<String,Pattern> P_REMOVE_SELF_BLANKS = new ConcurrentHashMap<String, Pattern>();
/** set of allowed html elements, along with allowed attributes for each element **/
private final Map<String, List<String>> vAllowed;
/** counts of open tags for each (allowable) html element **/
private final Map<String, Integer> vTagCounts = new HashMap<String, Integer>();
/** html elements which must always be self-closing (e.g. "<img />") **/
private final String[] vSelfClosingTags;
/** html elements which must always have separate opening and closing tags (e.g. "<b></b>") **/
private final String[] vNeedClosingTags;
/** set of disallowed html elements **/
private final String[] vDisallowed;
/** attributes which should be checked for valid protocols **/
private final String[] vProtocolAtts;
/** allowed protocols **/
private final String[] vAllowedProtocols;
/** tags which should be removed if they contain no content (e.g. "<b></b>" or "<b />") **/
private final String[] vRemoveBlanks;
/** entities allowed within html markup **/
private final String[] vAllowedEntities;
/** flag determining whether comments are allowed in input String. */
private final boolean stripComment;
private final boolean encodeQuotes;
private boolean vDebug = false;
/**
* flag determining whether to try to make tags when presented with "unbalanced"
* angle brackets (e.g. "<b text </b>" becomes "<b> text </b>"). If set to false,
* unbalanced angle brackets will be html escaped.
*/
private final boolean alwaysMakeTags;
/** Default constructor.
*
*/
public HTMLFilter() {
vAllowed = new HashMap<>();
final ArrayList<String> a_atts = new ArrayList<String>();
a_atts.add("href");
a_atts.add("target");
vAllowed.put("a", a_atts);
final ArrayList<String> img_atts = new ArrayList<String>();
img_atts.add("src");
img_atts.add("width");
img_atts.add("height");
img_atts.add("alt");
vAllowed.put("img", img_atts);
final ArrayList<String> no_atts = new ArrayList<String>();
vAllowed.put("b", no_atts);
vAllowed.put("strong", no_atts);
vAllowed.put("i", no_atts);
vAllowed.put("em", no_atts);
vSelfClosingTags = new String[]{"img"};
vNeedClosingTags = new String[]{"a", "b", "strong", "i", "em"};
vDisallowed = new String[]{};
vAllowedProtocols = new String[]{"http", "mailto", "https"}; // no ftp.
vProtocolAtts = new String[]{"src", "href"};
vRemoveBlanks = new String[]{"a", "b", "strong", "i", "em"};
vAllowedEntities = new String[]{"amp", "gt", "lt", "quot"};
stripComment = true;
encodeQuotes = true;
alwaysMakeTags = true;
}
/** Set debug flag to true. Otherwise use default settings. See the default constructor.
*
* @param debug turn debug on with a true argument
*/
public HTMLFilter(final boolean debug) {
this();
vDebug = debug;
}
/** Map-parameter configurable constructor.
*
* @param conf map containing configuration. keys match field names.
*/
public HTMLFilter(final Map<String,Object> conf) {
assert conf.containsKey("vAllowed") : "configuration requires vAllowed";
assert conf.containsKey("vSelfClosingTags") : "configuration requires vSelfClosingTags";
assert conf.containsKey("vNeedClosingTags") : "configuration requires vNeedClosingTags";
assert conf.containsKey("vDisallowed") : "configuration requires vDisallowed";
assert conf.containsKey("vAllowedProtocols") : "configuration requires vAllowedProtocols";
assert conf.containsKey("vProtocolAtts") : "configuration requires vProtocolAtts";
assert conf.containsKey("vRemoveBlanks") : "configuration requires vRemoveBlanks";
assert conf.containsKey("vAllowedEntities") : "configuration requires vAllowedEntities";
vAllowed = Collections.unmodifiableMap((HashMap<String, List<String>>) conf.get("vAllow
Java项目:学生学科竞赛管理管理系统设计和实现(java+springboot+ssm+maven)
版权申诉
5星 · 超过95%的资源 69 浏览量
2022-03-14
17:34:10
上传
评论 18
收藏 7.87MB RAR 举报 
Java项目:学生学科竞赛管理管理系统设计和实现(java+springboot+ssm+maven) (1625个子文件) 
HTMLFilter.class 14KB CloudStorageConfig.class 13KB GenUtils.class 9KB Apply.class 8KB SysUserEntity.class 7KB SysMenuEntity.class 6KB ScheduleJobServiceImpl.class 6KB SysRoleEntity.class 6KB SysUserServiceImpl.class 6KB SysMenuController.class 5KB UserRealm.class 5KB SysDeptEntity.class 5KB ScheduleUtils.class 5KB SysOssController.class 5KB SysRoleServiceImpl.class 5KB SysUserController.class 5KB ScheduleJobLogEntity.class 5KB SysConfigServiceImpl.class 5KB DataSourceProperties.class 5KB SysLogEntity.class 5KB ScheduleJobEntity.class 5KB Doorplate.class 5KB SysDictEntity.class 5KB DataFilterAspect.class 5KB Personal.class 5KB SysMenuServiceImpl.class 5KB ShiroConfig.class 4KB Expenditure.class 4KB SysDeptController.class 4KB RedisConfig.class 4KB SysRoleController.class 4KB RedisUtils.class 4KB SysDictController.class 4KB SysLogAspect.class 4KB UserEntity.class 4KB ScheduleJobController.class 4KB Closing.class 4KB MCity.class 4KB DoorplateController.class 4KB SysLoginController.class 4KB DynamicDataSourceConfig.class 4KB City.class 4KB XssHttpServletRequestWrapper.class 4KB ScheduleJob.class 4KB QcloudCloudStorageService.class 3KB ApplyController.class 3KB PersonalController.class 3KB TeamController.class 3KB SysConfigController.class 3KB DateUtils.class 3KB Inform.class 3KB TokenEntity.class 3KB SysConfigEntity.class 3KB UserServiceImpl.class 3KB InformController.class 3KB QiniuCloudStorageService.class 3KB EexpenditureController.class 3KB CityController.class 3KB ClosingController.class 3KB SysGeneratorService.class 3KB SysGeneratorController.class 3KB SysOssEntity.class 3KB DataSourceAspect.class 3KB Team.class 3KB Query.class 3KB SwaggerConfig.class 3KB ApplyServiceImpl.class 3KB SysDeptServiceImpl.class 3KB SysUserRoleEntity.class 3KB SysRoleMenuEntity.class 3KB SysRoleDeptEntity.class 3KB DoorplateServiceImpl.class 3KB DynamicDataSourceFactory.class 3KB SysUserRoleServiceImpl.class 2KB RRExceptionHandler.class 2KB TokenServiceImpl.class 2KB AuthorizationInterceptor.class 2KB AliyunCloudStorageService.class 2KB SysRoleDeptServiceImpl.class 2KB SysRoleMenuServiceImpl.class 2KB PageUtils.class 2KB LoginUserHandlerMethodArgumentResolver.class 2KB ScheduleConfig.class 2KB ShiroUtils.class 2KB ScheduleJobLogServiceImpl.class 2KB RegisterForm.class 2KB InformServiceImpl.class 2KB LoginForm.class 2KB ExpenditureServiceImpl.class 2KB SysLogServiceImpl.class 2KB SysDictServiceImpl.class 2KB PersonalServiceImpl.class 2KB ClosingServiceImpl.class 2KB ScheduleJobLogController.class 2KB SwaggerConfig.class 2KB MCityServiceImpl.class 2KB CityServiceImpl.class 2KB TeamServiceImpl.class 2KB ApiLoginController.class 2KB RRExceptionHandler.class 2KB共 1625 条
- 1
- 2
- 3
- 4
- 5
- 6
- 17
- 1
- 2
前往页