package egovframework.com.cmm.util;
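/**
 * Legacy output-encoding / input-stripping helpers.
 *
 * <p>{@link #unscript(String)} HTML-entity-encodes the six characters
 * {@code " ' ( ) < >} and is only adequate for HTML <em>body</em> context.
 * It does not encode {@code &}, so it is not safe for unquoted attributes,
 * JavaScript, URL or CSS contexts, and it is not a lossless round trip with
 * {@link #script(String)} (an input that already contains an entity such as
 * {@code &lt;} is decoded by {@code script()}).
 *
 * <p>{@link #makeQuery(String)} is a keyword/punctuation blacklist. Blacklists
 * cannot make string-concatenated SQL safe; callers must use
 * {@code PreparedStatement} with bind parameters and treat this method as a
 * compatibility shim only.
 */
public class EgovXSSUtil {

    /** Punctuation stripped by {@link #makeQuery(String)}, in the original order. */
    private static final String[] SQL_PUNCTUATION = {
        "'", ";", "--", "|", ":", "+", "\\", "/"
    };

    /** Keywords stripped by {@link #makeQuery(String)} after lower-casing. */
    private static final String[] SQL_KEYWORDS = {
        "select", "update", "delete", "insert", "where", "from"
    };

    /**
     * Encodes {@code " ' ( ) < >} as HTML entities and strips the literal word
     * {@code alert}.
     *
     * <p>The {@code alert} removal is kept for backward compatibility only: it
     * mangles legitimate text ("alerting" becomes "ing") and stops nothing,
     * since every tag is already neutralised by the {@code <}/{@code >}
     * encoding above it and an attacker would simply use another function name.
     *
     * @param data raw text; {@code null} or blank yields {@code ""}
     * @return the entity-encoded text
     */
    public String unscript(String data) {
        if (data == null || data.trim().isEmpty()) {
            return "";
        }
        // Literal replace(): no regex compilation and no escaping mistakes.
        String ret = data;
        ret = ret.replace("\"", "&quot;");
        ret = ret.replace("'", "&#39;");
        ret = ret.replace("(", "&#40;");
        ret = ret.replace(")", "&#41;");
        ret = ret.replace("<", "&lt;");
        ret = ret.replace(">", "&gt;");
        // Legacy behaviour (see Javadoc); irreversible by script().
        ret = ret.replace("alert", "");
        return ret;
    }

    /**
     * Reverses the entity encoding performed by {@link #unscript(String)}.
     *
     * <p>This is a decoder: never apply it to untrusted data on the way to a
     * browser, as it re-introduces markup characters. The {@code alert}
     * stripping done by {@code unscript} cannot be undone here.
     *
     * @param data entity-encoded text; {@code null} or blank yields {@code ""}
     * @return the decoded text
     */
    public String script(String data) {
        if (data == null || data.trim().isEmpty()) {
            return "";
        }
        String ret = data;
        ret = ret.replace("&quot;", "\"");
        ret = ret.replace("&#39;", "'");
        ret = ret.replace("&#40;", "(");
        ret = ret.replace("&#41;", ")");
        ret = ret.replace("&lt;", "<");
        ret = ret.replace("&gt;", ">");
        return ret;
    }

    /**
     * Strips SQL punctuation and a handful of keywords from {@code str},
     * lower-cases it and wraps it in single quotes.
     *
     * <p>Fixes the previous implementation, which re-read the untouched
     * {@code str} on every line so that only the final {@code from} removal
     * ever took effect. Stripping is now repeated until the text stops
     * changing, so a token that only appears once a neighbouring token is
     * removed (e.g. {@code -+-} → {@code --}, {@code sel;ect} → {@code select})
     * is still caught. Lower-casing uses {@code Locale.ROOT} so that the
     * keyword match does not fail under locales with non-ASCII case mapping
     * (in Turkish, {@code "INSERT".toLowerCase()} is not {@code "insert"}).
     *
     * <p>SECURITY: this remains a blacklist and must not be relied on to
     * prevent SQL injection; use {@code PreparedStatement} bind parameters.
     *
     * @param str raw text; {@code null} is treated as {@code ""}
     * @return the stripped, lower-cased text enclosed in single quotes
     */
    public String makeQuery(String str) {
        String result = chkNull(str).toLowerCase(java.util.Locale.ROOT);
        String previous;
        do {
            previous = result;
            for (String token : SQL_PUNCTUATION) {
                result = result.replace(token, "");
            }
            for (String keyword : SQL_KEYWORDS) {
                result = result.replace(keyword, "");
            }
        } while (!result.equals(previous));
        return "'" + result + "'";
    }

    /**
     * Null-to-empty-string helper.
     *
     * @param str any string or {@code null}
     * @return {@code ""} when {@code str} is {@code null}, otherwise {@code str}
     */
    public static String chkNull(String str) {
        return str == null ? "" : str;
    }
}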