package egovframework.com.cmm.util; public class EgovXSSUtil { public static boolean cleanXSS(String str) { String str_low= str.toLowerCase(); boolean returnSts = true; if( str_low.contains("javascript") ||str_low.contains("eval") ||str_low.contains("title") ||str_low.contains("onload") ||str_low.contains("onmousewheel") ||str_low.contains("onactive") ||str_low.contains("expression") ||str_low.contains("charset") ||str_low.contains("ondataavailable") ||str_low.contains("oncut") ||str_low.contains("applet") ||str_low.contains("document") ||str_low.contains("onafteripudate") ||str_low.contains("onclick") ||str_low.contains("meta") ||str_low.contains("string") ||str_low.contains("onmousedown") ||str_low.contains("onchange") ||str_low.contains("xml") ||str_low.contains("create") ||str_low.contains("onbeforeactivate") ||str_low.contains("onbeforecut") ||str_low.contains("blink") ||str_low.contains("append") ||str_low.contains("onbeforecopy") ||str_low.contains("ondbclick") ||str_low.contains("link") ||str_low.contains("binding") ||str_low.contains("onbeforedeactivate") ||str_low.contains("ondeactivate") ||str_low.contains("style") ||str_low.contains("alert") ||str_low.contains("prompt") ||str_low.contains("comfire") ||str_low.contains("ondrag") ||str_low.contains("script") ||str_low.contains("msgbox") ||str_low.contains("cnbeforeprint") ||str_low.contains("embed") ||str_low.contains("refresh") ||str_low.contains("cnbeforepaste") ||str_low.contains("object") ||str_low.contains("void") ||str_low.contains("iframe") ||str_low.contains("cookie") ||str_low.contains("ondatasetchaged") ||str_low.contains("ondragend") ||str_low.contains("ondragenter") ||str_low.contains("ondragleave") ||str_low.contains("onbeforeeditfocus") ||str_low.contains("onbeforeuload") ||str_low.contains("ondragover") ||str_low.contains("onerror") ) { returnSts = false; } return returnSts; } public String unscript(String data) { if (data == null || data.trim().equals("")) { return ""; } String ret = data; ret = ret.replaceAll("\"", """); ret = ret.replaceAll("\'", "'"); // single quot ret = ret.replaceAll("\\(", "("); ret = ret.replaceAll("\\)", ")"); ret = ret.replaceAll("<", "<"); ret = ret.replaceAll(">", ">"); ret = ret.replaceAll("<(S|s)(C|c)(R|r)(I|i)(P|p)(T|t)", "<script"); ret = ret.replaceAll(""); return ret; } public String makeQuery(String str) { String result = ""; result = chkNull(str.replace("'", "")); result = chkNull(str.replace(";", "")); result = chkNull(str.replace("--", "")); result = chkNull(str.replace("|", "")); result = chkNull(str.replace(":", "")); result = chkNull(str.replace("+", "")); result = chkNull(str.replace("\\", "")); result = chkNull(str.replace("/", "")); result = chkNull(str.toLowerCase().replaceAll("select", "")); result = chkNull(str.toLowerCase().replaceAll("update", "")); result = chkNull(str.toLowerCase().replaceAll("delete", "")); result = chkNull(str.toLowerCase().replaceAll("insert", "")); result = chkNull(str.toLowerCase().replaceAll("where", "")); result = chkNull(str.toLowerCase().replaceAll("from", "")); result = "'"+result+"'"; return result; } public static String chkNull(String str) { if(str == null) return ""; else return str; } }