package cn.jeefast.common.xss;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
*
* HTML filtering utility for protecting against XSS (Cross Site Scripting).
*
* This code is licensed LGPLv3
*
* This code is a Java port of the original work in PHP by Cal Hendersen.
* http://code.iamcal.com/php/lib_filter/
*
* The trickiest part of the translation was handling the differences in regex handling
* between PHP and Java. These resources were helpful in the process:
*
* http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html
* http://us2.php.net/manual/en/reference.pcre.pattern.modifiers.php
* http://www.regular-expressions.info/modifiers.html
*
* A note on naming conventions: instance variables are prefixed with a "v"; global
* constants are in all caps.
*
* Sample use:
* String input = ...
* String clean = new HTMLFilter().filter( input );
*
* The class is not thread safe. Create a new instance if in doubt.
*
* If you find bugs or have suggestions on improvement (especially regarding
* performance), please contact us. The latest version of this
* source, and our contact details, can be found at http://xss-html-filter.sf.net
*
* @author Joseph O'Connell
* @author Cal Hendersen
* @author Michael Semb Wever
*/
public final class HTMLFilter {
/** Regex flag union equivalent to PHP's /si modifiers: case-insensitive plus DOTALL ('.' matches newlines). **/
private static final int REGEX_FLAGS_SI = Pattern.CASE_INSENSITIVE | Pattern.DOTALL;
/** A whole HTML comment "<!-- ... -->", non-greedy, spanning newlines. **/
private static final Pattern P_COMMENTS = Pattern.compile("<!--(.*?)-->", Pattern.DOTALL);
/** The inside of a tag that is itself a comment: "!-- ... --". **/
private static final Pattern P_COMMENT = Pattern.compile("^!--(.*)--$", REGEX_FLAGS_SI);
/** Any "<...>" span, non-greedy, spanning newlines; group 1 is the tag body. **/
private static final Pattern P_TAGS = Pattern.compile("<(.*?)>", Pattern.DOTALL);
/** Closing-tag body "/name"; group 1 is the element name. **/
private static final Pattern P_END_TAG = Pattern.compile("^/([a-z0-9]+)", REGEX_FLAGS_SI);
/** Opening-tag body: group 1 element name, group 2 attribute text, group 3 the optional trailing "/". **/
private static final Pattern P_START_TAG = Pattern.compile("^([a-z0-9]+)(.*?)(/?)$", REGEX_FLAGS_SI);
/** name="value" or name='value'; the \2 back-reference requires the closing quote to match the opening one. **/
private static final Pattern P_QUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)=([\"'])(.*?)\\2", REGEX_FLAGS_SI);
/** name=value without quotes; the value ends at whitespace or at a quote character. **/
private static final Pattern P_UNQUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)(=)([^\"\\s']+)", REGEX_FLAGS_SI);
/** Leading "scheme:" of an attribute value; group 1 is everything before the first ':'. **/
private static final Pattern P_PROTOCOL = Pattern.compile("^([^:]+):", REGEX_FLAGS_SI);
/** Decimal numeric character reference "&#NNN"; the terminating ';' is optional. **/
private static final Pattern P_ENTITY = Pattern.compile("&#(\\d+);?");
/**
 * Hexadecimal numeric character reference "&#xHH". NOTE(review): compiled without
 * CASE_INSENSITIVE, so an upper-case "X" or upper-case hex digits do not match here —
 * confirm whether the caller lower-cases the input first; if not, such references are
 * left undecoded by this pattern.
 **/
private static final Pattern P_ENTITY_UNICODE = Pattern.compile("&#x([0-9a-f]+);?");
/** Percent-encoded byte "%HH" (lower-case hex only — same case caveat as P_ENTITY_UNICODE). **/
private static final Pattern P_ENCODE = Pattern.compile("%([0-9a-f]{2});?");
/** "&name" up to the next ';', '&' or end of input; the terminator is a lookahead and is not consumed. **/
private static final Pattern P_VALID_ENTITIES = Pattern.compile("&([^&;]*)(?=(;|&|$))");
/** A run of text between tags: (">" or start), the text, ("<" or end). **/
private static final Pattern P_VALID_QUOTES = Pattern.compile("(>|^)([^<]+?)(<|$)", Pattern.DOTALL);
/** A '>' at the very start of the input. **/
private static final Pattern P_END_ARROW = Pattern.compile("^>");
/** '<' plus the following non-'>' text, up to the next '<' or end of input (a '<' with no closing '>'). **/
private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]*?)(?=<|$)");
/** Non-'<' text, from start or a '>', that runs into a '>' (a '>' with no opening '<'). **/
private static final Pattern P_XML_CONTENT = Pattern.compile("(^|>)([^<]*?)(?=>)");
/** Same regex as P_BODY_TO_END. **/
private static final Pattern P_STRAY_LEFT_ARROW = Pattern.compile("<([^>]*?)(?=<|$)");
/** Same regex as P_XML_CONTENT. **/
private static final Pattern P_STRAY_RIGHT_ARROW = Pattern.compile("(^|>)([^<]*?)(?=>)");
/** Literal '&'. **/
private static final Pattern P_AMP = Pattern.compile("&");
/** Literal '<' — despite the name, identical to P_LEFT_ARROW; NOTE(review): check which one callers intend. **/
private static final Pattern P_QUOTE = Pattern.compile("<");
/** Literal '<'. **/
private static final Pattern P_LEFT_ARROW = Pattern.compile("<");
/** Literal '>'. **/
private static final Pattern P_RIGHT_ARROW = Pattern.compile(">");
/** Literal "<>". **/
private static final Pattern P_BOTH_ARROWS = Pattern.compile("<>");
// @xxx could grow large... maybe use sesat's ReferenceMap
// Per-tag-name caches of compiled patterns, shared across instances (hence concurrent maps).
// NOTE(review): never evicted; fine if keys come only from configuration (vRemoveBlanks),
// a growth concern if they can derive from input — confirm where they are populated.
private static final ConcurrentMap<String,Pattern> P_REMOVE_PAIR_BLANKS = new ConcurrentHashMap<String, Pattern>();
private static final ConcurrentMap<String,Pattern> P_REMOVE_SELF_BLANKS = new ConcurrentHashMap<String, Pattern>();
/** Allowed html elements, each mapped to the list of attributes it may carry. **/
private final Map<String, List<String>> vAllowed;
/** Count of currently open tags per (allowable) html element; a plain HashMap, so not thread safe (see class doc). **/
private final Map<String, Integer> vTagCounts = new HashMap<String, Integer>();
/** html elements which must always be self-closing (e.g. "<img />") **/
private final String[] vSelfClosingTags;
/** html elements which must always have separate opening and closing tags (e.g. "<b></b>") **/
private final String[] vNeedClosingTags;
/** Set of disallowed html elements (empty in the default configuration). **/
private final String[] vDisallowed;
/** Attributes whose values are checked for an allowed protocol (default: "src", "href"). **/
private final String[] vProtocolAtts;
/** URL schemes accepted in the attributes listed in vProtocolAtts. **/
private final String[] vAllowedProtocols;
/** tags which should be removed if they contain no content (e.g. "<b></b>" or "<b />") **/
private final String[] vRemoveBlanks;
/** Named entities allowed within html markup (default: amp, gt, lt, quot). **/
private final String[] vAllowedEntities;
/** Flag determining whether comments are stripped from the input String. */
private final boolean stripComment;
/** Presumably controls encoding of quote characters in text; only assigned in the constructors visible here — confirm usage. */
private final boolean encodeQuotes;
/** Debug flag; the only non-final setting, assigned by the HTMLFilter(boolean) constructor. */
private boolean vDebug = false;
/**
* flag determining whether to try to make tags when presented with "unbalanced"
* angle brackets (e.g. "<b text </b>" becomes "<b> text </b>"). If set to false,
* unbalanced angle brackets will be html escaped.
*/
private final boolean alwaysMakeTags;
/**
 * Default constructor. Whitelists {@code a} (href, target), {@code img} (src, width,
 * height, alt) and the attribute-less {@code b}, {@code strong}, {@code i}, {@code em};
 * accepts only the http, https and mailto schemes in src/href; strips comments, encodes
 * quotes and always tries to build tags from unbalanced angle brackets.
 */
public HTMLFilter() {
    vAllowed = new HashMap<>();
    vAllowed.put("a", new ArrayList<>(Arrays.asList("href", "target")));
    vAllowed.put("img", new ArrayList<>(Arrays.asList("src", "width", "height", "alt")));
    // the inline elements carry no attributes and deliberately share one empty list
    final List<String> noAttributes = new ArrayList<>();
    for (final String tag : Arrays.asList("b", "strong", "i", "em")) {
        vAllowed.put(tag, noAttributes);
    }
    vSelfClosingTags = new String[]{"img"};
    vNeedClosingTags = new String[]{"a", "b", "strong", "i", "em"};
    vDisallowed = new String[]{};
    vAllowedProtocols = new String[]{"http", "mailto", "https"}; // ftp intentionally excluded
    vProtocolAtts = new String[]{"src", "href"};
    vRemoveBlanks = new String[]{"a", "b", "strong", "i", "em"};
    vAllowedEntities = new String[]{"amp", "gt", "lt", "quot"};
    stripComment = true;
    encodeQuotes = true;
    alwaysMakeTags = true;
}
/**
 * Same configuration as the default constructor, with the debug flag set as given.
 *
 * @param debug value stored in the debug flag ({@code true} turns debugging on)
 */
public HTMLFilter(final boolean debug) {
    this();
    this.vDebug = debug;
}
/** Map-parameter configurable constructor.
*
* @param conf map containing configuration. keys match field names.
*/
public HTMLFilter(final Map<String,Object> conf) {
assert conf.containsKey("vAllowed") : "configuration requires vAllowed";
assert conf.containsKey("vSelfClosingTags") : "configuration requires vSelfClosingTags";
assert conf.containsKey("vNeedClosingTags") : "configuration requires vNeedClosingTags";
assert conf.containsKey("vDisallowed") : "configuration requires vDisallowed";
assert conf.containsKey("vAllowedProtocols") : "configuration requires vAllowedProtocols";
assert conf.containsKey("vProtocolAtts") : "configuration requires vProtocolAtts";
assert conf.containsKey("vRemoveBlanks") : "configuration requires vRemoveBlanks";
assert conf.containsKey("vAllowedEntities") : "configuration requires vAllowedEntities";
vAllowed = Collections.unmodifiableMap((HashMap<String, List<String>>) conf.get("vAllo
jeefast快速开发平台开源项目:较为完整的管理系统
JeeFast是一款基于SpringBoot+Mybatis-Plus+Bootstrap+Vue搭建的JAVA WEB快速开发平台。 平台内置 用户管理、部门管理、角色管理、菜单管理、日志管理、数据源监控、定时任务 等功能。 具有如下特点 友好的代码结构及注释,便于阅读及二次开发 实现前后端分离,通过token进行数据交互,前端再也不用关注后端技术 灵活的权限控制,可控制到页面或按钮,满足绝大部分的权限需求 完善的代码生成机制,可生成entity、xml、dao、service后台代码,减少70%以上的开发任务 使用quartz定时任务,可动态完成任务的添加、修改、删除、暂停、恢复、运行日志查看功能 页面交互使用Vue2.x,极大的提高了开发效率 使用Hibernate Validator校验框架,轻松实现后端校验 使用swagger2支持,方便使用API接口文档