package com.debug.pmp.common.filter;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
*
* HTML filtering utility for protecting against XSS (Cross Site Scripting).
*
* This code is licensed LGPLv3
*
* This code is a Java port of the original work in PHP by Cal Hendersen.
* http://code.iamcal.com/php/lib_filter/
*
* The trickiest part of the translation was handling the differences in regex handling
* between PHP and Java. These resources were helpful in the process:
*
* http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html
* http://us2.php.net/manual/en/reference.pcre.pattern.modifiers.php
* http://www.regular-expressions.info/modifiers.html
*
* A note on naming conventions: instance variables are prefixed with a "v"; global
* constants are in all caps.
*
* Sample use:
* String input = ...
* String clean = new HTMLFilter().filter( input );
*
* The class is not thread safe: each instance holds mutable state (for example the
* open-tag counters in vTagCounts). Create a new instance if in doubt.
*
* If you find bugs or have suggestions on improvement (especially regarding
* performance), please contact us. The latest version of this
* source, and our contact details, can be found at http://xss-html-filter.sf.net
*
* @author Joseph O'Connell
* @author Cal Hendersen
* @author Michael Semb Wever
*/
public final class HTMLFilter {
/** regex flag union representing /si modifiers in php **/
private static final int REGEX_FLAGS_SI = Pattern.CASE_INSENSITIVE | Pattern.DOTALL;
// --- comment and tag recognition ---
/** an HTML comment, with the comment body captured in group 1 **/
private static final Pattern P_COMMENTS = Pattern.compile("<!--(.*?)-->", Pattern.DOTALL);
/** the inside of a tag (angle brackets already stripped) that is a comment **/
private static final Pattern P_COMMENT = Pattern.compile("^!--(.*)--$", REGEX_FLAGS_SI);
/** anything between "<" and the next ">", captured in group 1 **/
private static final Pattern P_TAGS = Pattern.compile("<(.*?)>", Pattern.DOTALL);
/** a closing tag body such as "/b"; group 1 is the element name **/
private static final Pattern P_END_TAG = Pattern.compile("^/([a-z0-9]+)", REGEX_FLAGS_SI);
/** an opening tag body: group 1 element name, group 2 attribute text, group 3 optional trailing "/" **/
private static final Pattern P_START_TAG = Pattern.compile("^([a-z0-9]+)(.*?)(/?)$", REGEX_FLAGS_SI);
// --- attribute parsing ---
/** name="value" or name='value'; the back-reference requires the closing quote to match the opening one **/
private static final Pattern P_QUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)=([\"'])(.*?)\\2", REGEX_FLAGS_SI);
/** name=value without quotes; the value runs up to the next quote or whitespace character **/
private static final Pattern P_UNQUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)(=)([^\"\\s']+)", REGEX_FLAGS_SI);
/** everything before the first ":" in a value, i.e. the candidate URL scheme **/
private static final Pattern P_PROTOCOL = Pattern.compile("^([^:]+):", REGEX_FLAGS_SI);
// --- entity and percent-encoding recognition ---
/** decimal numeric character reference; the trailing ";" is optional **/
private static final Pattern P_ENTITY = Pattern.compile("&#(\\d+);?");
// NOTE(review): the next two patterns are compiled without CASE_INSENSITIVE, so only lowercase
// hex digits (and a lowercase "x") match. The code that applies them is not visible here —
// confirm that values are case-normalised first, or that upper-case forms are handled elsewhere.
/** hexadecimal numeric character reference; the trailing ";" is optional **/
private static final Pattern P_ENTITY_UNICODE = Pattern.compile("&#x([0-9a-f]+);?");
/** percent-encoded byte **/
private static final Pattern P_ENCODE = Pattern.compile("%([0-9a-f]{2});?");
/** "&" followed by a candidate entity name, up to (but not consuming) ";", "&" or end of input **/
private static final Pattern P_VALID_ENTITIES = Pattern.compile("&([^&;]*)(?=(;|&|$))");
/** a run of text outside any tag, between ">" (or start) and "<" (or end) **/
private static final Pattern P_VALID_QUOTES = Pattern.compile("(>|^)([^<]+?)(<|$)", Pattern.DOTALL);
// --- unbalanced angle bracket handling ---
private static final Pattern P_END_ARROW = Pattern.compile("^>");
// P_BODY_TO_END and P_STRAY_LEFT_ARROW are the same expression, as are
// P_XML_CONTENT and P_STRAY_RIGHT_ARROW.
private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]*?)(?=<|$)");
private static final Pattern P_XML_CONTENT = Pattern.compile("(^|>)([^<]*?)(?=>)");
private static final Pattern P_STRAY_LEFT_ARROW = Pattern.compile("<([^>]*?)(?=<|$)");
private static final Pattern P_STRAY_RIGHT_ARROW = Pattern.compile("(^|>)([^<]*?)(?=>)");
// --- single-character patterns ---
private static final Pattern P_AMP = Pattern.compile("&");
// NOTE(review): P_QUOTE is compiled from "<", the same expression as P_LEFT_ARROW below, and
// does not match a double-quote character. If the escaping code (not visible here) uses
// P_QUOTE to turn quotes into an entity, quotes would pass through unescaped — verify against
// the upstream source and the caller before relying on this filter for attribute contexts.
private static final Pattern P_QUOTE = Pattern.compile("<");
private static final Pattern P_LEFT_ARROW = Pattern.compile("<");
private static final Pattern P_RIGHT_ARROW = Pattern.compile(">");
private static final Pattern P_BOTH_ARROWS = Pattern.compile("<>");
// @xxx could grow large... maybe use sesat's ReferenceMap
// These two maps are static, so they are shared by every HTMLFilter instance; nothing visible
// here bounds their size.
private static final ConcurrentMap<String,Pattern> P_REMOVE_PAIR_BLANKS = new ConcurrentHashMap<String, Pattern>();
private static final ConcurrentMap<String,Pattern> P_REMOVE_SELF_BLANKS = new ConcurrentHashMap<String, Pattern>();
/** set of allowed html elements, along with allowed attributes for each element **/
private final Map<String, List<String>> vAllowed;
/** counts of open tags for each (allowable) html element **/
// Mutable per-instance state: this is why one instance must not be shared between threads.
private final Map<String, Integer> vTagCounts = new HashMap<String, Integer>();
/** html elements which must always be self-closing (e.g. "<img />") **/
private final String[] vSelfClosingTags;
/** html elements which must always have separate opening and closing tags (e.g. "<b></b>") **/
private final String[] vNeedClosingTags;
/** set of disallowed html elements **/
private final String[] vDisallowed;
/** attributes which should be checked for valid protocols **/
private final String[] vProtocolAtts;
/** allowed protocols **/
private final String[] vAllowedProtocols;
/** tags which should be removed if they contain no content (e.g. "<b></b>" or "<b />") **/
private final String[] vRemoveBlanks;
/** entities allowed within html markup **/
private final String[] vAllowedEntities;
/** flag determining whether comments are allowed in input String. */
private final boolean stripComment;
// presumably controls whether quote characters in text are entity-encoded — usage is not
// visible here; confirm against the escaping code
private final boolean encodeQuotes;
// debug switch; off unless set through the HTMLFilter(boolean) constructor
private boolean vDebug = false;
/**
* flag determining whether to try to make tags when presented with "unbalanced"
* angle brackets (e.g. "<b text </b>" becomes "<b> text </b>"). If set to false,
* unbalanced angle brackets will be html escaped.
*/
private final boolean alwaysMakeTags;
/** Default constructor.
*
*/
public HTMLFilter() {
    // Element allow-list: tag name -> attribute names permitted on that tag.
    // NOTE(review): "target" is accepted on links; whether the rendered output also needs
    // rel="noopener" is for the embedding application to confirm.
    vAllowed = new HashMap<>();
    vAllowed.put("a", new ArrayList<String>(Arrays.asList("href", "target")));
    vAllowed.put("img", new ArrayList<String>(Arrays.asList("src", "width", "height", "alt")));

    // Formatting tags carry no attributes; all four map to the same empty list instance.
    final ArrayList<String> noAttributes = new ArrayList<String>();
    for (final String formattingTag : new String[]{"b", "strong", "i", "em"}) {
        vAllowed.put(formattingTag, noAttributes);
    }

    // Tag-shape rules: which tags self-close, which need a closing tag, which are dropped
    // when empty. No element is explicitly disallowed by default.
    vSelfClosingTags = new String[]{"img"};
    vNeedClosingTags = new String[]{"a", "b", "strong", "i", "em"};
    vRemoveBlanks = new String[]{"a", "b", "strong", "i", "em"};
    vDisallowed = new String[]{};

    // URL-bearing attributes and the schemes on the allow-list for them; ftp is left out.
    vProtocolAtts = new String[]{"src", "href"};
    vAllowedProtocols = new String[]{"http", "mailto", "https"};

    // Named entities that may appear in the markup.
    vAllowedEntities = new String[]{"amp", "gt", "lt", "quot"};

    // Default switches: all three are enabled.
    stripComment = true;
    encodeQuotes = true;
    alwaysMakeTags = true;
}
/** Set debug flag to true. Otherwise use default settings. See the default constructor.
*
* @param debug turn debug on with a true argument
*/
public HTMLFilter(final boolean debug) {
    // Start from the default allow-lists and switches set by the no-argument constructor ...
    this();
    // ... then override only the debug flag, the one non-final setting.
    this.vDebug = debug;
}
/** Map-parameter configurable constructor.
*
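* @param conf map containing configuration. Keys match field names. The presence checks
* below are {@code assert} statements, which the JVM skips unless assertions are enabled (-ea).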
*/
public HTMLFilter(final Map<String,Object> conf) {
assert conf.containsKey("vAllowed") : "configuration requires vAllowed";
assert conf.containsKey("vSelfClosingTags") : "configuration requires vSelfClosingTags";
assert conf.containsKey("vNeedClosingTags") : "configuration requires vNeedClosingTags";
assert conf.containsKey("vDisallowed") : "configuration requires vDisallowed";
assert conf.containsKey("vAllowedProtocols") : "configuration requires vAllowedProtocols";
assert conf.containsKey("vProtocolAtts") : "configuration requires vProtocolAtts";
assert conf.containsKey("vRemoveBlanks") : "configuration requires vRemoveBlanks";
assert conf.con