package egovframework.com.cmm.util;
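/**
 * Text filtering helpers used for XSS mitigation: a substring deny-list check
 * ({@link #cleanXSS(String)}), HTML entity encoding/decoding
 * ({@link #unscript(String)} / {@link #script(String)}) and a legacy SQL text
 * filter ({@link #makeQuery(String)}).
 */
public class EgovXSSUtil {

    /**
     * Lower-case substrings whose presence makes {@link #cleanXSS(String)} reject the
     * input. This is a substring deny-list: ordinary words such as "title", "string",
     * "link" or "create" are rejected too (false positives), so output encoding via
     * {@link #unscript(String)} at render time remains the primary defence.
     * Several entries of the original list were misspelled and could never match
     * ("onafteripudate", "ondbclick", "comfire", "cnbeforeprint", "cnbeforepaste",
     * "ondatasetchaged", "onbeforeuload"); they are spelled correctly here.
     */
    private static final String[] XSS_TOKENS = {
        "javascript", "eval", "title", "onload", "onmousewheel", "onactive",
        "expression", "charset", "ondataavailable", "oncut", "applet", "document",
        "onafterupdate", "onclick", "meta", "string", "onmousedown", "onchange",
        "xml", "create", "onbeforeactivate", "onbeforecut", "blink", "append",
        "onbeforecopy", "ondblclick", "link", "binding", "onbeforedeactivate",
        "ondeactivate", "style", "alert", "prompt", "confirm", "ondrag", "script",
        "msgbox", "onbeforeprint", "embed", "refresh", "onbeforepaste", "object",
        "void", "iframe", "cookie", "ondatasetchanged", "ondragend", "ondragenter",
        "ondragleave", "onbeforeeditfocus", "onbeforeunload", "ondragover", "onerror"
    };

    /**
     * Reports whether {@code str} contains none of the deny-listed tokens.
     *
     * @param str text to inspect; {@code null} is treated like the empty string
     * @return {@code true} when no entry of {@link #XSS_TOKENS} occurs in {@code str}
     *         (case-insensitively), {@code false} otherwise
     */
    public static boolean cleanXSS(String str) {
        if (str == null) {
            return true;
        }
        // Locale.ROOT: under some default locales (e.g. tr_TR) "I" lower-cases to a
        // dotless i, so "JAVASCRIPT" would no longer compare equal to "javascript".
        String lowered = str.toLowerCase(java.util.Locale.ROOT);
        for (String token : XSS_TOKENS) {
            if (lowered.contains(token)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Entity-encodes the characters that open a tag, end a quoted attribute value or
     * form a call expression, so the result can be placed in HTML text or a quoted
     * attribute. Inverse of {@link #script(String)}.
     * <p>
     * {@code &} is left untouched (existing behaviour, kept so persisted data stays
     * stable); consequently {@code script(unscript(x))} differs from {@code x} when
     * {@code x} already contains one of the entities produced here.
     *
     * @param data raw text
     * @return the encoded text, or {@code ""} when {@code data} is null or blank
     */
    public String unscript(String data) {
        if (data == null || data.trim().isEmpty()) {
            return "";
        }
        // Literal replace(): every target is a single plain character, no regex needed.
        String ret = data.replace("\"", "&quot;");
        ret = ret.replace("'", "&#39;"); // single quote
        ret = ret.replace("(", "&#40;");
        ret = ret.replace(")", "&#41;");
        ret = ret.replace("<", "&lt;");
        ret = ret.replace(">", "&gt;");
        // The former per-tag rewrites (<script, <object, <applet, <embed, <form) could
        // never match after '<' is encoded above, so they are dropped.
        // Legacy rule kept for compatibility: the bare word "alert" is removed even
        // though it is inert once encoded; note this mangles ordinary text as well.
        ret = ret.replace("alert", "");
        return ret;
    }

    /**
     * Decodes the entities produced by {@link #unscript(String)} back to characters.
     * The result is raw markup again and needs re-encoding before being written to a page.
     *
     * @param data encoded text
     * @return the decoded text, or {@code ""} when {@code data} is null or blank
     */
    public String script(String data) {
        if (data == null || data.trim().isEmpty()) {
            return "";
        }
        String ret = data.replace("&quot;", "\"");
        ret = ret.replace("&#39;", "'"); // single quote
        ret = ret.replace("&#40;", "(");
        ret = ret.replace("&#41;", ")");
        ret = ret.replace("&lt;", "<");
        ret = ret.replace("&gt;", ">");
        return ret;
    }

    /**
     * Removes quote, separator and comment characters and a handful of SQL keywords
     * from {@code str}, lower-cases it and wraps it in single quotes.
     * <p>
     * The removals are now cumulative; the previous implementation restarted from the
     * original {@code str} on every step, so only the final {@code "from"} removal ever
     * took effect. Keywords are matched as plain substrings ("fromage" becomes "age").
     * Character stripping does not make string-built SQL safe; pass values as
     * {@code PreparedStatement} bind parameters rather than concatenating this result.
     *
     * @param str raw value; {@code null} is treated as {@code ""}
     * @return the filtered, lower-cased value enclosed in single quotes
     * @deprecated use {@code PreparedStatement} bind parameters; this method only filters text
     */
    @Deprecated
    public String makeQuery(String str) {
        String result = chkNull(str);
        for (String ch : new String[] {"'", ";", "--", "|", ":", "+", "\\", "/"}) {
            result = result.replace(ch, "");
        }
        // The original lower-cased on each keyword step, so the returned value has
        // always been lower case; that is preserved here.
        result = result.toLowerCase(java.util.Locale.ROOT);
        for (String keyword : new String[] {"select", "update", "delete", "insert", "where", "from"}) {
            result = result.replace(keyword, "");
        }
        return "'" + result + "'";
    }

    /**
     * Null-safe identity.
     *
     * @param str possibly-null text
     * @return {@code str}, or {@code ""} when it is null
     */
    public static String chkNull(String str) {
        return str == null ? "" : str;
    }
}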