Best regex to catch XSS (Cross-site Scripting) attack (in Java)?

后端未结

关注

 9  1873

南方客 2020-12-02 08:49

Jeff actually posted about this in Sanitize HTML. But his example is in C# and I\'m actually more interested in a Java version. Does anyone have a better version for Java? I

9条回答

粉色の甜心 (楼主)

2020-12-02 09:48
For java, I used the following regular expression with replaceAll, and worked for me
```
value.replaceAll("(?i)(\\b)(on\\S+)(\\s*)=|javascript:|(<\\s*)(\\/*)script|style(\\s*)=|(<\\s*)meta", "");
```
Added (?i) to ignore case for alphabets.
0 讨论(0)

查看其它9个回答
发布评论:

提交评论
- 加载中...