XSSProtect
==========
XSSProtect is a library with a pluggable XSS filter for reducing exposure to XSS
injection attacks. It is useful for those who would like to allow their end users
to write or submit standard HTML-formatted text and show this text on other pages,
either by using DHTML or by server-generated pages.
How it works:
=============
The library generates a parse tree of the HTML snippet, then cleans it up and makes
it XHTML-compliant. A plugged-in filter then filters the submitted markup for
potential XSS vulnerabilities. The result is clean HTML that should not contain
XSS attack vectors.
Guarantees?
===========
No guarantees. New holes keep being found, and new browser features or bugs may introduce
attack vectors that still leave your application vulnerable. That is why this library cannot
guarantee security. However, a lot of effort has been made to verify the correct behaviour
of this library against known attack vectors. Please see the unit tests for those results.
LICENSE:
========
This work is released under the terms of the General Public License GPL v3.
How to use the library:
=======================
Very simple. Call the parser from any Java method, as follows:
-----------------------------------------------------------
import java.io.StringReader;
import java.io.StringWriter;
import com.blogspot.radialmind.html.HTMLParser;
import com.blogspot.radialmind.html.HandlingException;
import com.blogspot.radialmind.xss.XSSFilter;

public String filterHtmlForXSS( String html )
{
    StringReader reader = new StringReader( html );
    StringWriter writer = new StringWriter();
    try {
        // Parse, clean up and filter the snippet; the result is written to writer
        HTMLParser.process( reader, writer, new XSSFilter(), true );
        return writer.toString();
    } catch (HandlingException e) {
        // log error
        // throw your exception; do not fall back to returning the unfiltered input
        throw new IllegalStateException( "HTML filtering failed", e );
    }
}

or:

import java.io.BufferedWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import com.blogspot.radialmind.html.HTMLParser;
import com.blogspot.radialmind.html.HandlingException;
import com.blogspot.radialmind.xss.XSSFilter;

public File filterHtmlForXSSAndWriteToFile( String fileName )
        throws IOException, HandlingException
{
    File result = File.createTempFile( "xssprotect", ".html" );
    // try-with-resources closes the reader and writer even if filtering fails
    try ( InputStreamReader reader = new InputStreamReader( new FileInputStream( fileName ) );
          BufferedWriter writer = new BufferedWriter( new FileWriter( result ) ) ) {
        HTMLParser.process( reader, writer, new XSSFilter(), true );
        writer.flush();
    }
    return result;
}
-------------------------------------------------------
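xssprotect: source code for preventing XSS attacks
70 files in total (java: 47, jar: 6, xml: 3); 1.57MB ZIP, uploaded 2018-08-27 10:25:45
Description: a Java web filter that uses the decorator pattern to re-wrap the request and filter the parameters passed from the front end to the back end; xssprotect prevents XSS attacks.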
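The request-decorating approach named in the description above, as an added example (not code from XSSProtect or from the uploaded archive): a servlet filter wraps each request so that every parameter read passes through the README's HTMLParser.process call. The class names are hypothetical, and the code assumes the javax.servlet 3.0+ API and Java 8.

```java
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import com.blogspot.radialmind.html.HTMLParser;
import com.blogspot.radialmind.html.HandlingException;
import com.blogspot.radialmind.xss.XSSFilter;

// Hypothetical class names; register the filter in web.xml or with @WebFilter.
public class XssProtectRequestFilter implements Filter {
    public void init(FilterConfig config) {}
    public void destroy() {}
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Decorate the request so downstream code only sees filtered parameters.
        chain.doFilter(new CleanRequest((HttpServletRequest) req), res);
    }

    // Same call as the README's filterHtmlForXSS; fails closed on a parse error.
    static String clean(String value) {
        if (value == null) return null;
        StringWriter writer = new StringWriter();
        try {
            HTMLParser.process(new StringReader(value), writer, new XSSFilter(), true);
            return writer.toString();
        } catch (HandlingException e) {
            throw new IllegalArgumentException("Rejected unparseable HTML parameter", e);
        }
    }

    static class CleanRequest extends HttpServletRequestWrapper {
        CleanRequest(HttpServletRequest request) { super(request); }
        @Override public String getParameter(String name) { return clean(super.getParameter(name)); }
        @Override public String[] getParameterValues(String name) {
            String[] raw = super.getParameterValues(name);
            return raw == null ? null : Arrays.stream(raw).map(XssProtectRequestFilter::clean).toArray(String[]::new);
        }
        // Override the map view too; otherwise callers of getParameterMap() get raw values.
        @Override public Map<String, String[]> getParameterMap() {
            Map<String, String[]> out = new HashMap<>();
            for (String name : super.getParameterMap().keySet()) out.put(name, getParameterValues(name));
            return out;
        }
    }
}
```

This wrapper rewrites every parameter, including ones not meant to carry HTML, and does not touch headers, cookies or a raw request body. Values rendered into non-HTML contexts still need output encoding at render time.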
Contents of xssprotect-master.zip (70 files):
xssprotect-master
NOTICE 94B
vendorlibs
stringtemplate-3.1b1.jar 225KB
junit-3.8.1.jar 118KB
antlr-3.0.1.jar 549KB
cobertura.jar 172KB
antlr-2.7.6.jar 433KB
data
attacks.html 82KB
xssAttacks.xml 83KB
attacks.xsl 594B
ripe.eml 63KB
test
com
blogspot
radialmind
BaseTestCase.java 1KB
html
NoFilterTest.java 1KB
AttributeWithoutQuotationTest.java 1KB
FilterPTagTest.java 1KB
BasicTest.java 1KB
FilterPStyleTest.java 1KB
NoXMLTest.java 2KB
xss
html
TableTest.java 932B
SSITest.java 1KB
XMLElementTest.java 2KB
StyleElementTest.java 2KB
ScriptElementTest.java 2KB
BodyBackgroundTest.java 637B
ImageElementTest.java 6KB
BGSoundElementTest.java 657B
StyleSheetTest.java 2KB
DivStyleBackgroundTest.java 2KB
BaseElementTest.java 946B
OtherTest.java 8KB
MochaTest.java 630B
LiveScriptElementTest.java 652B
MetaElementTest.java 2KB
UsAsciiEncodingTest.java 678B
FrameTest.java 885B
ListStyleTest.java 719B
LayerElementTest.java 672B
BodyOnloadTest.java 616B
EmbeddedObjectsTest.java 2KB
DivExpressionTest.java 664B
basic
ScriptWithAlertTest.java 623B
ScriptWithCharCodeTest.java 660B
XSSLocatorTest.java 998B
ScriptWithSourceFileTest.java 657B
XSSQuickTest.java 648B
build.xml 3KB
LICENSE 11KB
grammar
htmlTreeParser.g 940B
htmlLexer.g 1KB
htmlParser.g 1KB
src
com
blogspot
radialmind
html
Node.java 422B
TagNode.java 3KB
htmlParser.tokens 218B
IHTMLVisitor.java 486B
Attribute.java 1KB
htmlTreeParser.java 8KB
htmlLexer.tokens 183B
HTMLParser.java 5KB
HandlingException.java 314B
htmlParserParser.java 32KB
htmlLexerLexer.java 67KB
TextNode.java 1KB
IHTMLFilter.java 2KB
IHTMLManipulator.java 314B
htmlTreeParser.tokens 218B
xss
XSSFilter.java 5KB
.project 369B
test.xml 3KB
.classpath 461B
xssprotect.txt 2KB
lib
antlr-runtime-3.0.1.jar 103KB