package io.renren.common.xss;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
*
* HTML filtering utility for protecting against XSS (Cross Site Scripting).
*
* This code is licensed LGPLv3
*
* This code is a Java port of the original work in PHP by Cal Hendersen.
* http://code.iamcal.com/php/lib_filter/
*
* The trickiest part of the translation was handling the differences in regex handling
* between PHP and Java. These resources were helpful in the process:
*
* http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html
* http://us2.php.net/manual/en/reference.pcre.pattern.modifiers.php
* http://www.regular-expressions.info/modifiers.html
*
* A note on naming conventions: instance variables are prefixed with a "v"; global
* constants are in all caps.
*
* Sample use:
* String input = ...
* String clean = new HTMLFilter().filter( input );
*
* The class is not thread safe. Create a new instance if in doubt.
*
* If you find bugs or have suggestions on improvement (especially regarding
* performance), please contact us. The latest version of this
* source, and our contact details, can be found at http://xss-html-filter.sf.net
*
* @author Joseph O'Connell
* @author Cal Hendersen
* @author Michael Semb Wever
*/
public final class HTMLFilter {
/** regex flag union representing /si modifiers in php **/
private static final int REGEX_FLAGS_SI = Pattern.CASE_INSENSITIVE | Pattern.DOTALL;
// Precompiled patterns shared by every instance. P_COMMENTS is DOTALL only; the
// tag and attribute patterns below that take REGEX_FLAGS_SI are also case-insensitive.
private static final Pattern P_COMMENTS = Pattern.compile("<!--(.*?)-->", Pattern.DOTALL);
private static final Pattern P_COMMENT = Pattern.compile("^!--(.*)--$", REGEX_FLAGS_SI);
private static final Pattern P_TAGS = Pattern.compile("<(.*?)>", Pattern.DOTALL);
private static final Pattern P_END_TAG = Pattern.compile("^/([a-z0-9]+)", REGEX_FLAGS_SI);
private static final Pattern P_START_TAG = Pattern.compile("^([a-z0-9]+)(.*?)(/?)$", REGEX_FLAGS_SI);
// Quoted form: group 2 captures the opening quote and \2 requires the same closing quote.
private static final Pattern P_QUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)=([\"'])(.*?)\\2", REGEX_FLAGS_SI);
private static final Pattern P_UNQUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)(=)([^\"\\s']+)", REGEX_FLAGS_SI);
// Captures everything before the first ':' (the scheme of a URL-valued attribute).
private static final Pattern P_PROTOCOL = Pattern.compile("^([^:]+):", REGEX_FLAGS_SI);
private static final Pattern P_ENTITY = Pattern.compile("&#(\\d+);?");
// NOTE(review): the next two patterns are compiled without CASE_INSENSITIVE, so they
// match only a lowercase 'x' and lowercase hex digits a-f. Uppercase encodings are not
// matched here; confirm the calling code normalises case before relying on them.
private static final Pattern P_ENTITY_UNICODE = Pattern.compile("&#x([0-9a-f]+);?");
private static final Pattern P_ENCODE = Pattern.compile("%([0-9a-f]{2});?");
private static final Pattern P_VALID_ENTITIES = Pattern.compile("&([^&;]*)(?=(;|&|$))");
private static final Pattern P_VALID_QUOTES = Pattern.compile("(>|^)([^<]+?)(<|$)", Pattern.DOTALL);
private static final Pattern P_END_ARROW = Pattern.compile("^>");
// P_BODY_TO_END and P_STRAY_LEFT_ARROW compile the same expression, as do
// P_XML_CONTENT and P_STRAY_RIGHT_ARROW.
private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]*?)(?=<|$)");
private static final Pattern P_XML_CONTENT = Pattern.compile("(^|>)([^<]*?)(?=>)");
private static final Pattern P_STRAY_LEFT_ARROW = Pattern.compile("<([^>]*?)(?=<|$)");
private static final Pattern P_STRAY_RIGHT_ARROW = Pattern.compile("(^|>)([^<]*?)(?=>)");
private static final Pattern P_AMP = Pattern.compile("&");
// NOTE(review): P_QUOTE is compiled from "<", the same expression as P_LEFT_ARROW.
// The name suggests it was meant to match the double-quote character; if so, any
// quote-encoding step that uses it would leave quotes untouched. Verify against the
// code that uses it and against the upstream source.
private static final Pattern P_QUOTE = Pattern.compile("<");
private static final Pattern P_LEFT_ARROW = Pattern.compile("<");
private static final Pattern P_RIGHT_ARROW = Pattern.compile(">");
private static final Pattern P_BOTH_ARROWS = Pattern.compile("<>");
// @xxx could grow large... maybe use sesat's ReferenceMap
// Static pattern caches keyed by String and shared by all instances. Nothing in these
// declarations bounds their size.
// NOTE(review): if keys can be derived from caller-supplied configuration or input,
// this is a memory-growth risk; confirm where entries are inserted.
private static final ConcurrentMap<String,Pattern> P_REMOVE_PAIR_BLANKS = new ConcurrentHashMap<String, Pattern>();
private static final ConcurrentMap<String,Pattern> P_REMOVE_SELF_BLANKS = new ConcurrentHashMap<String, Pattern>();
/** set of allowed html elements, along with allowed attributes for each element **/
private final Map<String, List<String>> vAllowed;
/** counts of open tags for each (allowable) html element **/
// Mutable per-instance state; the class documentation states the class is not thread safe.
private final Map<String, Integer> vTagCounts = new HashMap<String, Integer>();
/** html elements which must always be self-closing (e.g. "<img />") **/
private final String[] vSelfClosingTags;
/** html elements which must always have separate opening and closing tags (e.g. "<b></b>") **/
private final String[] vNeedClosingTags;
/** set of disallowed html elements **/
private final String[] vDisallowed;
/** attributes which should be checked for valid protocols **/
private final String[] vProtocolAtts;
/** allowed protocols **/
private final String[] vAllowedProtocols;
/** tags which should be removed if they contain no content (e.g. "<b></b>" or "<b />") **/
private final String[] vRemoveBlanks;
/** entities allowed within html markup **/
private final String[] vAllowedEntities;
/** flag determining whether comments are allowed in input String. */
private final boolean stripComment;
// Undocumented in the original; presumably controls whether quote characters in text
// are entity-encoded. TODO confirm against the code that reads it.
private final boolean encodeQuotes;
// Not final: defaults to false and is assigned by the HTMLFilter(boolean) constructor.
private boolean vDebug = false;
/**
* flag determining whether to try to make tags when presented with "unbalanced"
* angle brackets (e.g. "<b text </b>" becomes "<b> text </b>"). If set to false,
* unbalanced angle brackets will be html escaped.
*/
private final boolean alwaysMakeTags;
/**
 * Creates a filter configured with the built-in default policy.
 *
 * <p>The default allow list covers {@code a} (href, target), {@code img} (src, width,
 * height, alt) and the attribute-less formatting tags {@code b}, {@code strong},
 * {@code i} and {@code em}. No entry permits {@code style} or any event-handler
 * attribute. The protocol allow list is http, mailto and https, and the attributes
 * listed for protocol checking are src and href. Comment stripping, quote encoding
 * and tag balancing are all switched on.
 */
public HTMLFilter() {
    final Map<String, List<String>> allowedElements = new HashMap<>();

    final List<String> anchorAttributes = new ArrayList<>(Arrays.asList("href", "target"));
    allowedElements.put("a", anchorAttributes);

    final List<String> imageAttributes =
            new ArrayList<>(Arrays.asList("src", "width", "height", "alt"));
    allowedElements.put("img", imageAttributes);

    // One empty list instance is shared by all four formatting tags, as in the
    // original; a change to it would therefore apply to every one of them.
    final List<String> noAttributes = new ArrayList<>();
    for (final String formattingTag : new String[]{"b", "strong", "i", "em"}) {
        allowedElements.put(formattingTag, noAttributes);
    }
    vAllowed = allowedElements;

    // Behaviour switches.
    stripComment = true;
    encodeQuotes = true;
    alwaysMakeTags = true;

    // Tag-shape rules.
    vSelfClosingTags = new String[]{"img"};
    vNeedClosingTags = new String[]{"a", "b", "strong", "i", "em"};
    vRemoveBlanks = new String[]{"a", "b", "strong", "i", "em"};
    vDisallowed = new String[]{};

    // URL-bearing attributes and the only schemes accepted for them (no ftp).
    vProtocolAtts = new String[]{"src", "href"};
    vAllowedProtocols = new String[]{"http", "mailto", "https"};

    vAllowedEntities = new String[]{"amp", "gt", "lt", "quot"};
}
/**
 * Creates a filter with the default policy (see the no-argument constructor) and
 * stores the given value in the instance's debug flag.
 *
 * @param debug {@code true} to turn debugging on, {@code false} to leave it off
 */
public HTMLFilter(final boolean debug) {
    this();
    this.vDebug = debug;
}
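/** Map-parameter configurable constructor.
*
* @param conf map containing configuration. Keys match field names. The required keys
* are checked only with {@code assert}, which the JVM skips unless assertions are
* enabled (-ea), so callers should validate the map before passing it in.
*/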
public HTMLFilter(final Map<String,Object> conf) {
assert conf.containsKey("vAllowed") : "configuration requires vAllowed";
assert conf.containsKey("vSelfClosingTags") : "configuration requires vSelfClosingTags";
assert conf.containsKey("vNeedClosingTags") : "configuration requires vNeedClosingTags";
assert conf.containsKey("vDisallowed") : "configuration requires vDisallowed";
assert conf.containsKey("vAllowedProtocols") : "configuration requires vAllowedProtocols";
assert conf.containsKey("vProtocolAtts") : "configuration requires vProtocolAtts";
assert conf.containsKey("vRemoveBlanks") : "configuration requires vRemoveBlanks";
assert conf.containsKey("vAllowedEntities") : "configuration requires vAllowedEntities";
vAllowed = Collections.unmodifiableMap((HashMap<String, List<String>>) conf.get("vAllow
Java项目:学生学科竞赛管理管理系统设计和实现(java+springboot+ssm+maven)
共1625个文件
xml:244个
class:220个
java:216个
2022-03-14
17:34:10
上传
温馨提示
主要技术、spring、 springmvc、 springboot、 mybatis 、 jquery 、 layUI、md5 、bootstarp.js tomcat、、拦截器等项目 主要功能:登录、用户、菜单管理、角色管理、权限管理、立项申请、报名、结、经费管理、审核、统计等 用户登录:输入账号密码和验证码登录登录、登陆后根据用户权限显示不同菜单、角色灵活控制。
Java项目:学生学科竞赛管理管理系统设计和实现(java+springboot+ssm+maven) (1625个子文件)
HTMLFilter.class 14KB
CloudStorageConfig.class 13KB
GenUtils.class 9KB
Apply.class 8KB
SysUserEntity.class 7KB
SysMenuEntity.class 6KB
ScheduleJobServiceImpl.class 6KB
SysRoleEntity.class 6KB
SysUserServiceImpl.class 6KB
SysMenuController.class 5KB
UserRealm.class 5KB
SysDeptEntity.class 5KB
ScheduleUtils.class 5KB
SysOssController.class 5KB
SysRoleServiceImpl.class 5KB
SysUserController.class 5KB
ScheduleJobLogEntity.class 5KB
SysConfigServiceImpl.class 5KB
DataSourceProperties.class 5KB
SysLogEntity.class 5KB
ScheduleJobEntity.class 5KB
Doorplate.class 5KB
SysDictEntity.class 5KB
DataFilterAspect.class 5KB
Personal.class 5KB
SysMenuServiceImpl.class 5KB
ShiroConfig.class 4KB
Expenditure.class 4KB
SysDeptController.class 4KB
RedisConfig.class 4KB
SysRoleController.class 4KB
RedisUtils.class 4KB
SysDictController.class 4KB
SysLogAspect.class 4KB
UserEntity.class 4KB
ScheduleJobController.class 4KB
Closing.class 4KB
MCity.class 4KB
DoorplateController.class 4KB
SysLoginController.class 4KB
DynamicDataSourceConfig.class 4KB
City.class 4KB
XssHttpServletRequestWrapper.class 4KB
ScheduleJob.class 4KB
QcloudCloudStorageService.class 3KB
ApplyController.class 3KB
PersonalController.class 3KB
TeamController.class 3KB
SysConfigController.class 3KB
DateUtils.class 3KB
Inform.class 3KB
TokenEntity.class 3KB
SysConfigEntity.class 3KB
UserServiceImpl.class 3KB
InformController.class 3KB
QiniuCloudStorageService.class 3KB
EexpenditureController.class 3KB
CityController.class 3KB
ClosingController.class 3KB
SysGeneratorService.class 3KB
SysGeneratorController.class 3KB
SysOssEntity.class 3KB
DataSourceAspect.class 3KB
Team.class 3KB
Query.class 3KB
SwaggerConfig.class 3KB
ApplyServiceImpl.class 3KB
SysDeptServiceImpl.class 3KB
SysUserRoleEntity.class 3KB
SysRoleMenuEntity.class 3KB
SysRoleDeptEntity.class 3KB
DoorplateServiceImpl.class 3KB
DynamicDataSourceFactory.class 3KB
SysUserRoleServiceImpl.class 2KB
RRExceptionHandler.class 2KB
TokenServiceImpl.class 2KB
AuthorizationInterceptor.class 2KB
AliyunCloudStorageService.class 2KB
SysRoleDeptServiceImpl.class 2KB
SysRoleMenuServiceImpl.class 2KB
PageUtils.class 2KB
LoginUserHandlerMethodArgumentResolver.class 2KB
ScheduleConfig.class 2KB
ShiroUtils.class 2KB
ScheduleJobLogServiceImpl.class 2KB
RegisterForm.class 2KB
InformServiceImpl.class 2KB
LoginForm.class 2KB
ExpenditureServiceImpl.class 2KB
SysLogServiceImpl.class 2KB
SysDictServiceImpl.class 2KB
PersonalServiceImpl.class 2KB
ClosingServiceImpl.class 2KB
ScheduleJobLogController.class 2KB
SwaggerConfig.class 2KB
MCityServiceImpl.class 2KB
CityServiceImpl.class 2KB
TeamServiceImpl.class 2KB
ApiLoginController.class 2KB
RRExceptionHandler.class 2KB