package egovframework.com.cmm.util;
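/**
 * Escaping helpers for untrusted text that is later embedded in HTML or SQL.
 *
 * <p>{@link #unscript(String)} and {@link #script(String)} encode and decode a fixed
 * set of HTML-significant characters ({@code " ' ( ) < >}) as HTML entities. The
 * ampersand itself is not encoded, so the pair is not an exact round trip for input
 * that already contains entities; callers that need a complete HTML escape should
 * use a dedicated encoder rather than extend this class.
 *
 * <p>{@link #makeQuery(String)} is a character/keyword blacklist kept for existing
 * callers. It is not a substitute for {@code PreparedStatement} parameters and must
 * not be relied on as the only SQL-injection control.
 */
public class EgovXSSUtil {

    /** Characters removed by {@link #makeQuery(String)}: literal/statement terminators and comment markers. */
    private static final String[] SQL_TOKENS = {"'", ";", "--", "|", ":", "+", "\\", "/"};

    /** Keywords removed by {@link #makeQuery(String)}, matched after lower-casing, in this order. */
    private static final String[] SQL_KEYWORDS = {"select", "update", "delete", "insert", "where", "from"};

    /**
     * Encodes the characters {@code " ' ( ) < >} of {@code data} as HTML entities so the
     * text cannot open a tag or attribute when written into HTML.
     *
     * @param data text to encode; may be {@code null}
     * @return the encoded text, or {@code ""} when {@code data} is {@code null} or blank
     */
    public String unscript(String data) {
        if (data == null || data.trim().isEmpty()) {
            return "";
        }
        // String.replace is a literal replacement (no regex), so "(" needs no escaping.
        // '&' is deliberately left untouched so the output stays compatible with
        // script(), which does not decode &amp;.
        String ret = data;
        ret = ret.replace("\"", "&quot;");
        ret = ret.replace("'", "&#39;"); // single quote
        ret = ret.replace("(", "&#40;");
        ret = ret.replace(")", "&#41;");
        ret = ret.replace("<", "&lt;");
        ret = ret.replace(">", "&gt;");
        // Once '<' is encoded no tag name can survive, so per-tag rewrites
        // (<script>, <object>, ...) could never match, and stripping the bare
        // substring "alert" only mangled ordinary words; both are omitted.
        return ret;
    }

    /**
     * Decodes the entities produced by {@link #unscript(String)} back to the
     * characters {@code " ' ( ) < >}.
     *
     * <p>Because {@code &amp;} is not decoded, input that contained literal entities
     * before encoding is not restored exactly.
     *
     * @param data encoded text; may be {@code null}
     * @return the decoded text, or {@code ""} when {@code data} is {@code null} or blank
     */
    public String script(String data) {
        if (data == null || data.trim().isEmpty()) {
            return "";
        }
        String ret = data;
        ret = ret.replace("&quot;", "\"");
        ret = ret.replace("&#39;", "'"); // single quote
        ret = ret.replace("&#40;", "(");
        ret = ret.replace("&#41;", ")");
        ret = ret.replace("&lt;", "<");
        ret = ret.replace("&gt;", ">");
        return ret;
    }

    /**
     * Strips characters and keywords commonly abused in SQL injection from
     * {@code str}, lower-cases it and wraps it in single quotes.
     *
     * <p>Every replacement is applied to the running result, so all filters take
     * effect (the previous version re-read {@code str} at each step, leaving only the
     * final {@code from} removal active). The keyword pass is a single case-folded
     * substring removal; it is trivially evaded and must not replace parameterised
     * queries.
     *
     * @param str raw text; {@code null} is treated as {@code ""}
     * @return the filtered, lower-cased text in single quotes, e.g. {@code 'abc'}
     */
    public String makeQuery(String str) {
        String result = chkNull(str);
        for (String token : SQL_TOKENS) {
            result = result.replace(token, "");
        }
        // Locale.ROOT keeps the fold locale-independent (e.g. Turkish 'I' -> dotless i
        // would otherwise stop "INSERT" from matching). The result is therefore lower case.
        result = result.toLowerCase(java.util.Locale.ROOT);
        for (String keyword : SQL_KEYWORDS) {
            result = result.replace(keyword, "");
        }
        return "'" + result + "'";
    }

    /**
     * Returns {@code str}, or {@code ""} when it is {@code null}.
     *
     * @param str value to normalise; may be {@code null}
     * @return {@code str} if non-null, otherwise the empty string
     */
    public static String chkNull(String str) {
        return str == null ? "" : str;
    }
}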