package cn.jeefast.common.xss;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
*
* HTML filtering utility for protecting against XSS (Cross Site Scripting).
*
* This code is licensed LGPLv3
*
* This code is a Java port of the original work in PHP by Cal Henderson.
* http://code.iamcal.com/php/lib_filter/
*
* The trickiest part of the translation was handling the differences in regex handling
* between PHP and Java. These resources were helpful in the process:
*
* http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html
* http://us2.php.net/manual/en/reference.pcre.pattern.modifiers.php
* http://www.regular-expressions.info/modifiers.html
*
* A note on naming conventions: instance variables are prefixed with a "v"; global
* constants are in all caps.
*
* Sample use:
* String input = ...
* String clean = new HTMLFilter().filter( input );
*
* The class is not thread safe. Create a new instance if in doubt.
*
* If you find bugs or have suggestions on improvement (especially regarding
* performance), please contact us. The latest version of this
* source, and our contact details, can be found at http://xss-html-filter.sf.net
*
* @author Joseph O'Connell
* @author Cal Henderson
* @author Michael Semb Wever
*/
public final class HTMLFilter {
/** regex flag union representing /si modifiers in php **/
private static final int REGEX_FLAGS_SI = Pattern.CASE_INSENSITIVE | Pattern.DOTALL;
// Precompiled expressions shared by every instance. java.util.regex.Pattern objects are
// immutable, so sharing them is safe even though the filter itself is documented as not
// thread safe.
// Whole HTML comments in the input, and the inside of a tag that is itself a comment.
private static final Pattern P_COMMENTS = Pattern.compile("<!--(.*?)-->", Pattern.DOTALL);
private static final Pattern P_COMMENT = Pattern.compile("^!--(.*)--$", REGEX_FLAGS_SI);
// Anything between "<" and the next ">" (non-greedy, may span lines).
private static final Pattern P_TAGS = Pattern.compile("<(.*?)>", Pattern.DOTALL);
// Tag names are limited to [a-z0-9]+ (case-insensitive) in both the end-tag and start-tag forms.
private static final Pattern P_END_TAG = Pattern.compile("^/([a-z0-9]+)", REGEX_FLAGS_SI);
private static final Pattern P_START_TAG = Pattern.compile("^([a-z0-9]+)(.*?)(/?)$", REGEX_FLAGS_SI);
// Attribute names are likewise [a-z0-9]+; the quoted form requires the same opening and
// closing quote character (back-reference \2).
private static final Pattern P_QUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)=([\"'])(.*?)\\2", REGEX_FLAGS_SI);
private static final Pattern P_UNQUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)(=)([^\"\\s']+)", REGEX_FLAGS_SI);
// Everything before the first ":" of a value, i.e. the candidate URL scheme.
private static final Pattern P_PROTOCOL = Pattern.compile("^([^:]+):", REGEX_FLAGS_SI);
// Decimal and hexadecimal character references and %XX escapes.
// NOTE(review): P_ENTITY_UNICODE and P_ENCODE are compiled without CASE_INSENSITIVE and
// their character classes list only a-f, so upper-case hex digits are not matched. The
// code that uses them is not visible here; confirm the decoding step handles both cases
// before any scheme check relies on it.
private static final Pattern P_ENTITY = Pattern.compile("&#(\\d+);?");
private static final Pattern P_ENTITY_UNICODE = Pattern.compile("&#x([0-9a-f]+);?");
private static final Pattern P_ENCODE = Pattern.compile("%([0-9a-f]{2});?");
private static final Pattern P_VALID_ENTITIES = Pattern.compile("&([^&;]*)(?=(;|&|$))");
private static final Pattern P_VALID_QUOTES = Pattern.compile("(>|^)([^<]+?)(<|$)", Pattern.DOTALL);
private static final Pattern P_END_ARROW = Pattern.compile("^>");
// P_BODY_TO_END / P_STRAY_LEFT_ARROW and P_XML_CONTENT / P_STRAY_RIGHT_ARROW are pairwise
// the same expression under two names.
private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]*?)(?=<|$)");
private static final Pattern P_XML_CONTENT = Pattern.compile("(^|>)([^<]*?)(?=>)");
private static final Pattern P_STRAY_LEFT_ARROW = Pattern.compile("<([^>]*?)(?=<|$)");
private static final Pattern P_STRAY_RIGHT_ARROW = Pattern.compile("(^|>)([^<]*?)(?=>)");
private static final Pattern P_AMP = Pattern.compile("&");
// NOTE(review): P_QUOTE compiles the same literal as P_LEFT_ARROW ("<"), not a quote
// character. The name suggests a double quote was intended; if this pattern drives quote
// encoding, double quotes would pass through unescaped. Confirm against the upstream
// source and the escaping code, which is outside this view.
private static final Pattern P_QUOTE = Pattern.compile("<");
private static final Pattern P_LEFT_ARROW = Pattern.compile("<");
private static final Pattern P_RIGHT_ARROW = Pattern.compile(">");
private static final Pattern P_BOTH_ARROWS = Pattern.compile("<>");
// @xxx could grow large... maybe use sesat's ReferenceMap
// Static String -> Pattern caches shared by all instances, with no eviction.
// NOTE(review): what the keys are built from is not visible here; if they can come from
// caller-supplied configuration, the maps grow without bound. Confirm.
private static final ConcurrentMap<String,Pattern> P_REMOVE_PAIR_BLANKS = new ConcurrentHashMap<String, Pattern>();
private static final ConcurrentMap<String,Pattern> P_REMOVE_SELF_BLANKS = new ConcurrentHashMap<String, Pattern>();
/** set of allowed html elements, along with allowed attributes for each element **/
private final Map<String, List<String>> vAllowed;
/** counts of open tags for each (allowable) html element **/
// Mutable per-instance state: the reference is final, the map contents are not.
private final Map<String, Integer> vTagCounts = new HashMap<String, Integer>();
/** html elements which must always be self-closing (e.g. "<img />") **/
private final String[] vSelfClosingTags;
/** html elements which must always have separate opening and closing tags (e.g. "<b></b>") **/
private final String[] vNeedClosingTags;
/** set of disallowed html elements **/
private final String[] vDisallowed;
/** attributes which should be checked for valid protocols **/
private final String[] vProtocolAtts;
/** allowed protocols **/
private final String[] vAllowedProtocols;
/** tags which should be removed if they contain no content (e.g. "<b></b>" or "<b />") **/
private final String[] vRemoveBlanks;
/** entities allowed within html markup **/
private final String[] vAllowedEntities;
/** flag determining whether comments are allowed in input String. */
private final boolean stripComment;
// presumably controls whether quote characters are entity-encoded in the output; the code
// that reads it is not visible here — confirm
private final boolean encodeQuotes;
// debug flag; the only non-final field, assigned by the HTMLFilter(boolean) constructor
private boolean vDebug = false;
/**
* flag determining whether to try to make tags when presented with "unbalanced"
* angle brackets (e.g. "<b text </b>" becomes "<b> text </b>"). If set to false,
* unbalanced angle brackets will be html escaped.
*/
private final boolean alwaysMakeTags;
/**
 * Creates a filter that applies the built-in default policy.
 *
 * <p>The policy is an allowlist: {@code a} (with {@code href}, {@code target}),
 * {@code img} (with {@code src}, {@code width}, {@code height}, {@code alt}) and the
 * attribute-less {@code b}, {@code strong}, {@code i} and {@code em}. The attributes
 * {@code src} and {@code href} are the ones listed for protocol checking, against the
 * schemes {@code http}, {@code https} and {@code mailto}. Comment stripping, quote
 * encoding and tag balancing are all switched on.
 */
public HTMLFilter() {
    // Behaviour switches: every one is enabled in the default policy.
    stripComment = true;
    encodeQuotes = true;
    alwaysMakeTags = true;

    // Element-level rules.
    vSelfClosingTags = new String[]{"img"};
    vNeedClosingTags = new String[]{"a", "b", "strong", "i", "em"};
    vRemoveBlanks = new String[]{"a", "b", "strong", "i", "em"};
    vDisallowed = new String[]{};

    // URL-bearing attributes and the schemes accepted for them.
    vProtocolAtts = new String[]{"src", "href"};
    vAllowedProtocols = new String[]{"http", "mailto", "https"}; // no ftp.
    vAllowedEntities = new String[]{"amp", "gt", "lt", "quot"};

    // Element -> permitted attribute names.
    // NOTE(review): "target" is permitted on <a> while "rel" is not; if the filter drops
    // unlisted attributes, output links cannot carry rel="noopener". Confirm whether the
    // rendering layer needs to add it.
    final List<String> anchorAttributes = new ArrayList<String>(Arrays.asList("href", "target"));
    final List<String> imageAttributes =
            new ArrayList<String>(Arrays.asList("src", "width", "height", "alt"));
    // One empty list instance is shared by all formatting-only elements.
    final List<String> noAttributes = new ArrayList<String>();

    final Map<String, List<String>> allowed = new HashMap<>();
    allowed.put("a", anchorAttributes);
    allowed.put("img", imageAttributes);
    for (final String formattingTag : new String[]{"b", "strong", "i", "em"}) {
        allowed.put(formattingTag, noAttributes);
    }
    vAllowed = allowed;
}
/**
 * Creates a filter with the default policy of the no-argument constructor and stores the
 * given value in the debug flag.
 *
 * @param debug {@code true} turns debug on, {@code false} leaves it off
 */
public HTMLFilter(final boolean debug) {
    this();
    this.vDebug = debug;
}
/** Map-parameter configurable constructor.
*
* @param conf map containing configuration. keys match field names.
*/
public HTMLFilter(final Map<String,Object> conf) {
assert conf.containsKey("vAllowed") : "configuration requires vAllowed";
assert conf.containsKey("vSelfClosingTags") : "configuration requires vSelfClosingTags";
assert conf.containsKey("vNeedClosingTags") : "configuration requires vNeedClosingTags";
assert conf.containsKey("vDisallowed") : "configuration requires vDisallowed";
assert conf.containsKey("vAllowedProtocols") : "configuration requires vAllowedProtocols";
assert conf.containsKey("vProtocolAtts") : "configuration requires vProtocolAtts";
assert conf.containsKey("vRemoveBlanks") : "configuration requires vRemoveBlanks";
assert conf.containsKey("vAllowedEntities") : "configuration requires vAllowedEntities";
vAllowed = Collections.unmodifiableMap((HashMap<String, List<String>>) conf.get("vAllo
spring vue简单示例
spring boot +vue简单教程,包含一些用户管理、菜单等基础功能。